Solved

Cisco ASA Scanning Attack ... Need Assistance

Posted on 2013-07-01
Last Modified: 2013-07-01
Greetings. We have a Cisco ASA 5512-X.  The network has been slow today. Pings to known sites are 1500-3500ms, when usually 30-50 or so.

I noticed a short while ago that our ASA has encountered 2,500 continuous possible scanning attacks. I'm relatively new to security, but can get around ASDM.

Can anyone guide me to determine the source of the attacks and how to block the IP / range on the Cisco?

Thanks much.
-Stephen

Screenshot below:

Cisco ASA 5512-X Scanning Attack.
Question by:lapavoni

Author Comment

by:lapavoni
ID: 39291950
Update:  I got a million of these:

192.168.1.147      8912      255.255.255.255      51003      UDP request discarded from 192.168.1.147/8912 to inside:255.255.255.255/51003

Looks like a broadcast flood from an internal host.  I rebooted the system (unfortunately a backup NAS) and the problem subsided.

So on that note, anyone know how to configure the ASA to stop these? Or is it a configuration on the switch or host that needs to be done?

Thanks.

Accepted Solution

by:
lapavoni earned 0 total points
ID: 39291995
OK, hate to do this, but I figured it out.  I enabled storm control on the two ports the NAS is using, following these procedures. They are Cisco 2960Gs:

http://www.techrepublic.com/article/manage-network-broadcasts-on-cisco-switches-using-storm-control/6169808

Author Closing Comment

by:lapavoni
ID: 39291997
After thorough investigation, and some panic, I found the culprit and solution.  Posted the link above.
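
Added example, not part of the original thread: a Python script that answers the opening question (which host is the source) by counting "request discarded" messages sent to broadcast addresses, grouped by source host and destination port. The 192.168.1.0/24 subnet, the threshold, and every sample line other than the one quoted in the thread are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Matches the ASA message text quoted in the thread:
#   "UDP request discarded from SRC/SPORT to IFACE:DST/DPORT"
DISCARD_RE = re.compile(
    r"(?P<proto>TCP|UDP) request discarded from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to "
    r"(?P<iface>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+)"
)

def is_broadcast(dst, subnet):
    """True for the limited broadcast or the subnet's directed broadcast."""
    addr = ip_address(dst)
    return addr == ip_address("255.255.255.255") or addr == subnet.broadcast_address

def broadcast_talkers(lines, subnet="192.168.1.0/24", threshold=3):
    """Count discarded broadcast packets per (source, dest port) and return
    the pairs at or above the threshold, busiest first."""
    net = ip_network(subnet)  # assumed inside subnet, not stated in the thread
    counts = Counter()
    for line in lines:
        m = DISCARD_RE.search(line)  # tolerates any timestamp/severity prefix
        if m and is_broadcast(m["dst"], net):
            counts[(m["src"], int(m["dport"]))] += 1
    return [(key, n) for key, n in counts.most_common() if n >= threshold]

# Constructed sample: the first message is the one from the thread, repeated;
# the remaining lines are made up to show what is ignored.
SAMPLE = (
    ["UDP request discarded from 192.168.1.147/8912 to inside:255.255.255.255/51003"] * 5
    + ["UDP request discarded from 192.168.1.20/137 to inside:192.168.1.255/137"] * 2
    + ["TCP request discarded from 192.168.1.33/50112 to inside:192.168.1.1/23",
       "some unrelated log line"]
)

if __name__ == "__main__":
    for (src, dport), n in broadcast_talkers(SAMPLE):
        print(f"{src} -> broadcast port {dport}: {n} discards")
```

Feed it the lines of a saved ASDM log export or syslog file; the host it reports is the one whose switch ports are candidates for storm control.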