18-13
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 18 Threat Detection
Examples for Threat Detection
hostname# show threat-detection shun
Shunned Host List:
10.1.1.6
192.168.6.7
• clear threat-detection shun [ip_address [mask]]
Releases a host from being shunned. If you do not specify an IP address, all hosts are cleared from
the shun list.
For example, to release the host at 10.1.1.6, enter the following command:
hostname# clear threat-detection shun 10.1.1.6
• show threat-detection scanning-threat [attacker | target]
Displays hosts that the ASA decides are attackers (including hosts on the shun list), and displays the
hosts that are the target of an attack. If you do not enter an option, both attackers and target hosts
are displayed. For example:
hostname# show threat-detection scanning-threat attacker
10.1.2.3
10.8.3.6
209.165.200.225
Examples for Threat Detection
The following example configures basic threat detection statistics, and changes the DoS attack rate
settings. All advanced threat detection statistics are enabled, with the host statistics number of rate
intervals lowered to 2. The TCP Intercept rate interval is also customized. Scanning threat detection is
enabled with automatic shunning for all addresses except 10.1.1.0/24. The scanning threat rate intervals
are customized.
threat-detection basic-threat
threat-detection rate dos-drop rate-interval 600 average-rate 60 burst-rate 100
threat-detection statistics
threat-detection statistics host number-of-rate 2
threat-detection statistics tcp-intercept rate-interval 60 burst-rate 800 average-rate 600
threat-detection scanning-threat shun except ip-address 10.1.1.0 255.255.255.0
threat-detection rate scanning-threat rate-interval 1200 average-rate 10 burst-rate 20
threat-detection rate scanning-threat rate-interval 2400 average-rate 10 burst-rate 20
To Next Page
Loading...
Need help?
General
