Solved

Cisco ASA Scanning Attack ... Need Assistance

Posted on 2013-07-01
3
1,366 Views
Last Modified: 2013-07-01
Greetings. We have a Cisco ASA 5512-X.  The network has been slow today. Pings to known sites are 1500-3500ms, when usually 30-50 or so.

I noticed a short while ago that our ASA is encountered 2,500 continuous possible scanning attacks.  I'm relatively new to security, but can get around ASDM.

Can anyone guide me to determine the source of the attacks and how to block the IP / range on the Cisco ?

Thanks much.
-Stephen

Screenshot below:

Cisco ASA 5512-X Scanning Attack.
0
Comment
Question by:lapavoni
  • 3
3 Comments
 

Author Comment

by:lapavoni
ID: 39291950
Update:  I got a million of these:

192.168.1.147      8912      255.255.255.255      51003      UDP request discarded from 192.168.1.147/8912 to inside:255.255.255.255/51003

Looks like a broadcast flood from an internal host.  I rebooted the system (unfortunately a backup NAS) and the problem subsided.

So on that note, anyone know how to configure the ASA to stop these ? Or is it a configuration on the switch or host that neeeds to be done ?

Thanks.
0
 

Accepted Solution

by:
lapavoni earned 0 total points
ID: 39291995
OK, hate to do this, but I figured it out.  I enabled storm control on the two ports the NAS is using, following these procedures. They are Cisco 2960Gs:

http://www.techrepublic.com/article/manage-network-broadcasts-on-cisco-switches-using-storm-control/6169808
0
 

Author Closing Comment

by:lapavoni
ID: 39291997
After thorough investigation, and some panic, I found the culprit and solution.  Posted the link above.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
MPLS Network Question 2 35
Error on login Cisco RV016 1 23
site to site tunnel not autostarting 5 36
DHCP on ASA 3 25
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now