Supposing I am receiving a syn-attack on the ASA's outside interface. The rate I could see was about 3packets/sec trying to reach any internal web-server. How could we build the threat-detection seeking shun the attacker?
I think we should have: threat-detection scanning-threat shun duration xxxxx threat-detection rate scanning-threat rate-interval 600 average-rate "no idea" burst-rate 30 Well, the burst-rate will be 10sec, so if I set up 30 packets in 10 sec, I would get 3packets/sec Please, any input/thought would be greatly appreciated ** -- Bruno Fagioli (by Jaunty Jackalope) Cisco Security Professional
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
