Suppose I am receiving a SYN attack on the ASA's outside interface. The
rate I could see was about 3 packets/sec trying to reach any internal
web server.
How could we build the threat-detection configuration to shun the attacker?

I think we should have:
threat-detection scanning-threat shun duration xxxxx
threat-detection rate scanning-threat rate-interval 600 average-rate "no idea" burst-rate 30

Well, the burst-rate will be 10 sec, so if I set up 30 packets in 10 sec, I
would get 3 packets/sec.

Please, any input/thoughts would be greatly appreciated.
-- 
Bruno Fagioli (by Jaunty Jackalope)
Cisco Security Professional