Cisco ASA 5510 DMZ attack issues

Posted on 2010-09-21
Last Modified: 2013-11-16
We are having problems with attacks on our web servers.
We have an ASA 5510 and it reports 120+ scanning attacks and 60+ SYN attacks.
When these are higher than 5 the web servers go extremely slow and do not respond.
This is happening for longer periods of time now.
Basic threat detection is enabled, scanning threat detection is enabled and Shun Hosts.

Can anyone help?

Question by:CTEC

Accepted Solution

Kvistofta earned 500 total points
ID: 33726203
Do you have any max conns or embryonic limit defined in the static for your web server?


By setting a limit for this you make your firewall protect your web server from SYN attacks.


Author Comment

ID: 33726231
I have the embryonic limit set to 25 on the web servers

Author Comment

ID: 33726258
static (DMZ,outside) ***.***.***.*** ***.***.***.*** netmask dns tcp 0 25
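
The line above uses the pre-8.3 ASA `static` syntax, where the two numbers after `tcp` are the maximum connection count and the embryonic (half-open) limit, and 0 means unlimited. As an added example that is not part of the thread, this Python script audits a configuration for static translations that have no embryonic limit; the sample configuration and its RFC 5737 addresses are constructed.

```python
import re

# Pre-8.3 form, as quoted in the thread:
#   static (real_if,mapped_if) [tcp|udp] mapped real ... [tcp max_conns [emb_limit]]
HEAD = re.compile(r"^static\s+\(([^,\s]+),([^)\s]+)\)\s+(.+)$")


def parse_static(line):
    """Return interfaces and TCP limits for one static line, or None."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    real_if, mapped_if, rest = m.groups()
    tokens = rest.split()
    limits = []
    # A leading tcp/udp marks port redirection, so search from token 1 on.
    if "tcp" in tokens[1:]:
        i = tokens.index("tcp", 1)
        for tok in tokens[i + 1:i + 3]:
            if not tok.isdigit():
                break
            limits.append(int(tok))
    limits += [0] * (2 - len(limits))   # omitted values default to 0
    return {"real_if": real_if, "mapped_if": mapped_if,
            "max_conns": limits[0], "emb_limit": limits[1]}


def audit(config):
    """List static translations whose embryonic limit is 0 (unlimited)."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        entry = parse_static(line)
        if entry and entry["emb_limit"] == 0:
            findings.append((n, line.strip()))
    return findings


# Constructed sample config; addresses are RFC 5737 documentation ranges.
SAMPLE = """\
static (DMZ,outside) 192.0.2.10 198.51.100.10 netmask 255.255.255.255 dns tcp 0 25
static (DMZ,outside) 192.0.2.11 198.51.100.11 netmask 255.255.255.255
static (DMZ,outside) tcp 192.0.2.12 443 198.51.100.12 443 netmask 255.255.255.255 tcp 500 0
static (DMZ,outside) 192.0.2.13 198.51.100.13 netmask 255.255.255.255 tcp 1000
"""

if __name__ == "__main__":
    for lineno, text in audit(SAMPLE):
        print(f"line {lineno}: no embryonic limit -> {text}")
```
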

Expert Comment

ID: 33726544
And you are still getting 60+ half-open connections to the web-server???


Author Comment

ID: 33726980
Yes, currently ASDM reports under firewall dashboard:

Scanning attacks: 122
SYN attacks: 85

Expert Comment

ID: 33727034
Ok. But do you have any performance issues on your web server? What you see just indicates that the firewall does what it is built to do. If you do not want to see the firewall identifying and/or blocking attacks you need to protect it with another firewall in front of it. .-)


Author Comment

ID: 33727150
When the firewall reports high scanning attacks and SYN attacks the web servers will not respond to HTTP requests. If I stop inbound traffic the web servers work normally.
