  • Status: Solved
  • Priority: Medium
  • Security: Public

How do I force my ASA 5510 to ignore ASA SYN scans from internal servers?

Hello All,

I manage a network that has Quintum devices that provide analogue to SIP conversion. The ASA 5510 is constantly flagging this device as sending SYN scans. The Quintum is on an internal trusted DMZ (through the ASA 5510). How do I force the ASA to ignore this particular device as it relates to SYN scanning? In other words, I don't want the ASA to monitor or flag this device as related to SYN attacks.

Thanks in advance.
Asked by: QuintumUser

1 Solution

Rafael Commented:
Have you looked at putting it into a group and then trusting the group or blocking it altogether in the policies?
0
 
JZeolla Commented:
Tune your firewall by adjusting (raising) the threat-detection average-rate and burst-rates.  

threat-detection rate syn-attack rate-interval 600 average-rate 30 burst-rate 45    

This says that I will only shun syn-attacks which average 30 SYNs per second over 600 seconds, or shun them immediately if they hit 45 SYNs per second.  


Does this answer your question?
0
 
QuintumUser (Author) Commented:
Rcaballerojr, I am not sure how to put it in a group to exclude the firewall from looking for SYN scans.

JZeolla, I will try to adjust the thresholds to see if that helps. When an IP is shunned, will that affect my device negatively?

Thanks for the responses
0
 
JZeolla Commented:
It could be, if the IP is legitimate traffic.  My assumption is that your Quintum device is getting inadvertently shunned.
0
 
QuintumUser (Author) Commented:
Setting thresholds took care of it, thanks!!
0
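
An added example, not posted by anyone in the thread: the per-device exemption the original question asks for, shown next to the threshold line from the accepted answer. It assumes the shuns come from the ASA's scanning threat detection feature and that the software version supports these commands; the address 192.0.2.10 and the object-group name QUINTUM-GW are placeholders.

```cisco
! Constructed example: 192.0.2.10 and QUINTUM-GW are placeholders,
! substitute the real Quintum address and a name of your choice.

! Group the trusted gateway(s) so further devices can be added later.
object-group network QUINTUM-GW
 network-object host 192.0.2.10
!
! Keep scanning threat detection and automatic shunning enabled,
! but never shun members of the group.
threat-detection scanning-threat shun except object-group QUINTUM-GW
!
! Bound how long any other host stays shunned (seconds).
threat-detection scanning-threat shun duration 3600
!
! Threshold line from the thread (basic threat detection, SYN attack).
threat-detection rate syn-attack rate-interval 600 average-rate 30 burst-rate 45
!
! Verify: current rates, hosts classed as attackers, active shuns.
show threat-detection rate syn-attack
show threat-detection scanning-threat attacker
show threat-detection shun
!
! Release the gateway if it is already shunned.
clear threat-detection shun 192.0.2.10
```

The `except` clause exempts only the listed hosts from shunning, so every other source is still subject to the configured thresholds.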
