Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Cisco ASA Scanning Attack ... Need Assistance

Posted on 2013-07-01
3
Medium Priority
?
1,544 Views
Last Modified: 2013-07-01
Greetings. We have a Cisco ASA 5512-X.  The network has been slow today. Pings to known sites are 1500-3500ms, when usually 30-50 or so.

I noticed a short while ago that our ASA is encountered 2,500 continuous possible scanning attacks.  I'm relatively new to security, but can get around ASDM.

Can anyone guide me to determine the source of the attacks and how to block the IP / range on the Cisco ?

Thanks much.
-Stephen

Screenshot below:

Cisco ASA 5512-X Scanning Attack.
0
Comment
Question by:lapavoni
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
3 Comments
 

Author Comment

by:lapavoni
ID: 39291950
Update:  I got a million of these:

192.168.1.147      8912      255.255.255.255      51003      UDP request discarded from 192.168.1.147/8912 to inside:255.255.255.255/51003

Looks like a broadcast flood from an internal host.  I rebooted the system (unfortunately a backup NAS) and the problem subsided.

So on that note, anyone know how to configure the ASA to stop these ? Or is it a configuration on the switch or host that neeeds to be done ?

Thanks.
0
 

Accepted Solution

by:
lapavoni earned 0 total points
ID: 39291995
OK, hate to do this, but I figured it out.  I enabled storm control on the two ports the NAS is using, following these procedures. They are Cisco 2960Gs:

http://www.techrepublic.com/article/manage-network-broadcasts-on-cisco-switches-using-storm-control/6169808
0
 

Author Closing Comment

by:lapavoni
ID: 39291997
After thorough investigation, and some panic, I found the culprit and solution.  Posted the link above.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question