lapavoni
asked on
Cisco ASA Scanning Attack ... Need Assistance
Greetings. We have a Cisco ASA 5512-X. The network has been slow today. Pings to known sites are 1500-3500ms, when usually 30-50 or so.
I noticed a short while ago that our ASA is encountered 2,500 continuous possible scanning attacks. I'm relatively new to security, but can get around ASDM.
Can anyone guide me to determine the source of the attacks and how to block the IP / range on the Cisco ?
Thanks much.
-Stephen
Screenshot below:
I noticed a short while ago that our ASA is encountered 2,500 continuous possible scanning attacks. I'm relatively new to security, but can get around ASDM.
Can anyone guide me to determine the source of the attacks and how to block the IP / range on the Cisco ?
Thanks much.
-Stephen
Screenshot below:
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
After thorough investigation, and some panic, I found the culprit and solution. Posted the link above.
ASKER
192.168.1.147 8912 255.255.255.255 51003 UDP request discarded from 192.168.1.147/8912 to inside:255.255.255.255/510
Looks like a broadcast flood from an internal host. I rebooted the system (unfortunately a backup NAS) and the problem subsided.
So on that note, anyone know how to configure the ASA to stop these ? Or is it a configuration on the switch or host that neeeds to be done ?
Thanks.