Guidelines and limitations, Default settings – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 56 Configuring Threat Detection

Configuring Basic Threat Detection Statistics

For each received event, the ASA checks the average and burst rate limits; if both rates are exceeded,
then the ASA sends two separate system messages, with a maximum of one message for each rate type
per burst period.

Basic threat detection affects performance only when there are drops or potential threats; even in this
scenario, the performance impact is insignificant.

Guidelines and Limitations

This section includes the guidelines and limitations for this feature:

Security Context Guidelines

Supported in single mode only. Multiple mode is not supported.

Firewall Mode Guidelines

Supported in routed and transparent firewall mode.

Types of Traffic Monitored

Only through-the-box traffic is monitored; to-the-box traffic is not included in threat detection.

Default Settings

Basic threat detection statistics are enabled by default.

Table 56-1 lists the default settings. You can view all these default settings using the show running-config all threat-detection command.

Table 56-1 Basic Threat Detection Default Settings

| Packet Drop Reason | Trigger Settings: Average Rate | Trigger Settings: Burst Rate |
|---|---|---|
| DoS attack detected; Bad packet format; Connection limits exceeded; Suspicious ICMP packets detected | 100 drops/sec over the last 600 seconds. | 400 drops/sec over the last 20 second period. |
| DoS attack detected; Bad packet format; Connection limits exceeded; Suspicious ICMP packets detected | 80 drops/sec over the last 3600 seconds. | 320 drops/sec over the last 120 second period. |
| Scanning attack detected | 5 drops/sec over the last 600 seconds. | 10 drops/sec over the last 20 second period. |
| Scanning attack detected | 4 drops/sec over the last 3600 seconds. | 8 drops/sec over the last 120 second period. |
| Incomplete session detected such as TCP SYN attack detected or no data UDP session attack detected (combined) | 100 drops/sec over the last 600 seconds. | 200 drops/sec over the last 20 second period. |
| Incomplete session detected such as TCP SYN attack detected or no data UDP session attack detected (combined) | 80 drops/sec over the last 3600 seconds. | 160 drops/sec over the last 120 second period. |
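The following Python script is an added example, not part of the Cisco guide. It compares the threat-detection rate lines in saved show running-config all threat-detection output against the defaults in Table 56-1 and reports every threshold that has been raised above its default, since a higher threshold makes that detection less sensitive. The mapping of rate keywords to table rows and the sample output are assumptions of this example.

```python
import re

# Defaults from Table 56-1: (keyword, rate-interval in seconds) -> (average, burst)
# in drops/sec. The keyword-to-row mapping is an assumption of this example.
DEFAULTS = {("scanning-threat", 600): (5, 10), ("scanning-threat", 3600): (4, 8),
            ("syn-attack", 600): (100, 200), ("syn-attack", 3600): (80, 160)}
for kw in ("dos-drop", "bad-packet-drop", "conn-limit-drop", "icmp-drop"):
    DEFAULTS[(kw, 600)] = (100, 400)
    DEFAULTS[(kw, 3600)] = (80, 320)

RATE_RE = re.compile(
    r"^threat-detection rate (\S+) rate-interval (\d+) "
    r"average-rate (\d+) burst-rate (\d+)\s*$"
)

def audit(config_text):
    """Return (keyword, interval, setting, configured, default) for each raised threshold."""
    findings = []
    for line in config_text.splitlines():
        m = RATE_RE.match(line.strip())
        if not m:
            continue  # not a rate line (for example, threat-detection basic-threat)
        kw, interval = m.group(1), int(m.group(2))
        avg, burst = int(m.group(3)), int(m.group(4))
        default = DEFAULTS.get((kw, interval))
        if default is None:
            continue  # drop reason or interval not listed in Table 56-1
        if avg > default[0]:
            findings.append((kw, interval, "average-rate", avg, default[0]))
        if burst > default[1]:
            findings.append((kw, interval, "burst-rate", burst, default[1]))
    return findings

# Constructed sample output, not captured from a real device.
SAMPLE = """\
threat-detection basic-threat
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate scanning-threat rate-interval 600 average-rate 50 burst-rate 10
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 1000
threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160
"""

if __name__ == "__main__":
    for kw, interval, setting, value, default in audit(SAMPLE):
        print(f"{kw} ({interval}s): {setting} {value} exceeds default {default}")
```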
