you can configure threat detection http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_threat.pdf
Date: Sat, 30 Jun 2012 19:40:47 +0530 From: [email protected] To: [email protected] Subject: [OSL | CCIE_Security] DDOS Attack Hi, A server has been compromised and sending malicious traffic towards the zombies (DDOS) Attack(Thousands of connection), This host is behind the ASA. Due to some constraint, The server can not be unpluged form the network. It is taking high CPU and RAM of ASA and legitimate connections getting delay. Adminstrator run the the below two commands to protect ASA/Drop the connection. 1. Shun....IP Address of server.2. Deny ACL(Source- compromised host and destination- ANY) 3. MPF with "Set connection" Is there any way to protect the ASA infrastucture from this type of attack?If not, Let us know with method is best among the above 3 options. Regards,Parvez _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
