?
Solved

Cisco ASA Scanning Attack ... Need Assistance

Posted on 2013-07-01
3
Medium Priority
?
1,485 Views
Last Modified: 2013-07-01
Greetings. We have a Cisco ASA 5512-X.  The network has been slow today. Pings to known sites are 1500-3500ms, when usually 30-50 or so.

I noticed a short while ago that our ASA is encountered 2,500 continuous possible scanning attacks.  I'm relatively new to security, but can get around ASDM.

Can anyone guide me to determine the source of the attacks and how to block the IP / range on the Cisco ?

Thanks much.
-Stephen

Screenshot below:

Cisco ASA 5512-X Scanning Attack.
0
Comment
Question by:lapavoni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
3 Comments
 

Author Comment

by:lapavoni
ID: 39291950
Update:  I got a million of these:

192.168.1.147      8912      255.255.255.255      51003      UDP request discarded from 192.168.1.147/8912 to inside:255.255.255.255/51003

Looks like a broadcast flood from an internal host.  I rebooted the system (unfortunately a backup NAS) and the problem subsided.

So on that note, anyone know how to configure the ASA to stop these ? Or is it a configuration on the switch or host that neeeds to be done ?

Thanks.
0
 

Accepted Solution

by:
lapavoni earned 0 total points
ID: 39291995
OK, hate to do this, but I figured it out.  I enabled storm control on the two ports the NAS is using, following these procedures. They are Cisco 2960Gs:

http://www.techrepublic.com/article/manage-network-broadcasts-on-cisco-switches-using-storm-control/6169808
0
 

Author Closing Comment

by:lapavoni
ID: 39291997
After thorough investigation, and some panic, I found the culprit and solution.  Posted the link above.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question