Pelitti

New Rules on SourceFire ASAx

I need to control a DoS attack performed by several requests.
I would like to do this with a new rule.
What I need is something like: this URL is OK if an IP address performs a request in a second; it is not OK, and I need to drop it, if an IP address performs 8-10 requests in 2 seconds.

Thank you.

Mauro
Hardware Firewalls, Cisco


8/22/2022 - Mon
Pete Long

More info:

Where is the URL pointing? Is it outside the ASA? If so, are you assuming your internal clients are performing a DDoS attack? Or is it a service you are offering that you don't want attacked from external IP addresses? (If that's the case, then why URL and not IP address/range?)

Pete
Pelitti

ASKER
My goal is to stop a DDoS attack from any IP to a service in the DMZ firewall.
I need to leave the URL open for regular workload, but I need to stop intensive use of this URL from a unique IP.

I try to perform a state rule, and it seems to work.

Mauro
ASKER CERTIFIED SOLUTION
Pete Long

Pelitti

ASKER
Hi,
thank you.
I don't know the specific address, so I will apply this to everyone, 0.0.0.0, but in this case I will also limit the good connections.

Mauro
Pete Long

Hi Mauro,

Yes but the default is 'limitless' so this is a good thing :)

Pete
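
Added example, not part of the thread and not the accepted solution (which is not shown on this page): a per-source sliding-window model of the threshold in the question, showing that a client sending one request per second is never dropped while a single IP sending 10 requests in under 2 seconds is. The cut-off of 8, the class and function names, and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 2.0   # from the question: "8-10 request in 2 seconds"
MAX_REQUESTS = 8       # assumed cut-off: the 8th request inside the window is dropped


class PerSourceRateLimiter:
    """Sliding-window counter tracked per source IP (hypothetical helper)."""

    def __init__(self, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS):
        self.max_requests = max_requests
        self.window = window
        self._seen = defaultdict(deque)  # src_ip -> timestamps still inside the window

    def allow(self, src_ip, ts):
        """Return True to pass the request, False to drop it."""
        q = self._seen[src_ip]
        # Forget requests that have aged out of the window.
        while q and ts - q[0] >= self.window:
            q.popleft()
        q.append(ts)  # dropped requests still count, so a sustained flood stays blocked
        return len(q) < self.max_requests


def evaluate(events):
    """events: iterable of (timestamp, src_ip); returns {src_ip: dropped_count}."""
    limiter = PerSourceRateLimiter()
    dropped = {}
    for ts, src in sorted(events):
        dropped.setdefault(src, 0)  # every source appears in the result
        if not limiter.allow(src, ts):
            dropped[src] += 1
    return dropped


# Constructed sample traffic (documentation addresses from RFC 5737).
NORMAL = [(float(t), "192.0.2.10") for t in range(10)]        # 1 request per second
FLOOD = [(5.0 + i * 0.2, "198.51.100.7") for i in range(10)]  # 10 requests in 1.8 s

if __name__ == "__main__":
    print(evaluate(NORMAL + FLOOD))
```

Because the counter is kept per source address, the rule can match every source (the "0.0.0.0" case) and still only act on the address that exceeds the threshold.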