<div>
Update: &nbsp;I got a million of these:<br />
<br />
192.168.1.147 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;8912 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;255.255.255.255 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;51003 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;UDP request discarded from 192.168.1.147/8912 to inside:255.255.255.255/510<wbr />03<br />
<br />
Looks like a broadcast flood from an internal host. &nbsp;I rebooted the system (unfortunately a backup NAS) and the problem subsided.<br />
<br />
So on that note, anyone know how to configure the ASA to stop these ? Or is it a configuration on the switch or host that neeeds to be done ?<br />
<br />
Thanks.
</div>


Update:  I got a million of these:

192.168.1.147      8912      255.255.255.255      51003      UDP request discarded from 192.168.1.147/8912 to inside:255.255.255.255/51003

Looks like a broadcast flood from an internal host.  I rebooted the system (unfortunately a backup NAS) and the problem subsided.

So on that note, anyone know how to configure the ASA to stop these ? Or is it a configuration on the switch or host that neeeds to be done ?

Thanks.

<div>
After thorough investigation, and some panic, I found the culprit and solution. &nbsp;Posted the link above.
</div>


After thorough investigation, and some panic, I found the culprit and solution.  Posted the link above.

<div>
<div class="content wysiwyg-content">
Greetings. We have a Cisco ASA 5512-X. &nbsp;The network has been slow today. Pings to known sites are 1500-3500ms, when usually 30-50 or so.<br />
<br />
I noticed a short while ago that our ASA is encountered 2,500 continuous possible scanning attacks. &nbsp;I'm relatively new to security, but can get around ASDM.<br />
<br />
Can anyone guide me to determine the source of the attacks and how to block the IP / range on the Cisco ?<br />
<br />
Thanks much.<br />
-Stephen<br />
<br />
Screenshot below:<br />
<br />
<a href="https://filedb.experts-exchange.com/incoming/2013/07_w27/663665/Cisco-ASA5512X-Scan.jpg" target="_blank" title="Cisco ASA 5512-X Scanning Attack. (80 KB)"><img alt="Cisco ASA 5512-X Scanning Attack." class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2013/07_w27/800_663665/Cisco-ASA5512X-Scan.jpg" /></a>
</div>
</div>


Cisco-ASA5512X-Scan.jpg

Greetings. We have a Cisco ASA 5512-X.  The network has been slow today. Pings to known sites are 1500-3500ms, when usually 30-50 or so.

I noticed a short while ago that our ASA is encountered 2,500 continuous possible scanning attacks.  I'm relatively new to security, but can get around ASDM.

Can anyone guide me to determine the source of the attacks and how to block the IP / range on the Cisco ?

Thanks much.
-Stephen

Screenshot below:



Cisco ASA Scanning Attack ... Need Assistance

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.