Waves of Scanning Attacks? How do they coordinate these?
Hi - I have an ASA 5510 acting as our Front End device and I recently tightened the Threat-Detection settings to shun hosts detected as scanning attack devices. Normally I am seeing Scanning Attack counts < 10-15. However I am seeing Scanning Attack storms from a wide variety of IP addresses several times each week. I was able to capture screenshots (attached) of ASDM graphs of one of these scanning attack storms. I have also included a listing of our device's Threat-Detection settings and statistics (below).
I'm wondering how these Scanning Attack storms are coordinated? When these attacks occur, I am seeing the 733101 events listing IP addresses for a very diverse mix of addresses. Moreover, does anyone know of a better strategy I could use to protect our enterprise? I'm wondering if there is a cost-effective way to stand up a honeypot or something? Also, I have 4 additional static public IP addresses I'm not using.
When we see these spikes in scanning attacks, users complain that WWW traffic bogs down or pages start timing out. Currently we are using a Comcast Business data line setup with speeds of 27 Mbps down and 7 Mbps up. I'm working on upgrading this to 75/15 in the near future.
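One way to put numbers on these storms from the syslog side, as an added example that is not part of the original post: the script below parses %ASA-4-733101 scanning-threat messages, buckets the sources reported as "is attacking" into fixed one-minute windows, and returns the windows in which many distinct addresses were flagged at once, which is the "diverse mix of addresses" pattern described above. The syslog header layout, the hostname and the sample log lines are constructed assumptions, not output from the poster's ASA.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Body of the ASA 733101 scanning-threat message, preceded by an assumed
# "Mon DD HH:MM:SS hostname" syslog header.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ %ASA-4-733101: (?:Host|Subnet) "
    r"(?P<ip>[\d./]+) (?P<role>is attacking|is targeted)\. Current burst rate is "
    r"(?P<burst>\d+) per second, max configured rate is \d+; Current average rate "
    r"is \d+ per second, max configured rate is \d+; Cumulative total count is \d+")
EPOCH = datetime(1900, 1, 1)  # strptime's default year for year-less syslog stamps

def parse_733101(line):
    """Return the fields of one 733101 line, or None for any other message."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
            "ip": m.group("ip"), "role": m.group("role"), "burst": int(m.group("burst"))}

def storm_windows(lines, window_s=60, min_sources=5):
    """Bucket 'is attacking' events into fixed windows; return the windows in
    which at least min_sources distinct source addresses were flagged."""
    buckets = defaultdict(set)
    for line in lines:
        ev = parse_733101(line)
        if ev is None or ev["role"] != "is attacking":
            continue
        buckets[int((ev["ts"] - EPOCH).total_seconds()) // window_s].add(ev["ip"])
    return {EPOCH + timedelta(seconds=b * window_s): sorted(ips)
            for b, ips in buckets.items() if len(ips) >= min_sources}

def _line(ts, ip, role):
    """Build one constructed 733101 syslog line for the sample log below."""
    return (f"{ts} asa5510 %ASA-4-733101: Host {ip} {role}. Current burst rate is "
            f"120 per second, max configured rate is 100; Current average rate is "
            f"20 per second, max configured rate is 10; Cumulative total count is 800")

# Constructed sample: five sources flagged inside one minute (the storm pattern),
# one lone hit later, one target-side message and one unrelated syslog line.
SAMPLE_LOG = [
    _line("Mar 03 09:12:01", "203.0.113.10", "is attacking"),
    _line("Mar 03 09:12:04", "198.51.100.7", "is attacking"),
    _line("Mar 03 09:12:09", "192.0.2.44", "is attacking"),
    _line("Mar 03 09:12:15", "203.0.113.77", "is attacking"),
    _line("Mar 03 09:12:50", "198.51.100.120", "is attacking"),
    _line("Mar 03 09:12:52", "10.0.0.5", "is targeted"),
    _line("Mar 03 10:40:12", "203.0.113.10", "is attacking"),
    "Mar 03 10:40:13 asa5510 %ASA-6-302013: Built inbound TCP connection 1 for outside:203.0.113.10/4444",
]
```

Running `storm_windows(SAMPLE_LOG)` reports only the 09:12 window with its five distinct sources; the lone 10:40 hit and the target-side message are ignored, which is the distinction between background scanning and a storm.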