Depending on how many IP's your talking about... try shunning them from the ASA, and removing the syslog message from being "logged"
shun 11.22.33.44 no logging message 401004 That'll at least clean up the logs without sacrificing legitimate logging output. Aaron Rohyans IT Coordinator, IDC-USA [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> 317.244.8307 (V) 317.244.4600 (F) ________________________________ From: David W. McSpadden [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2008 2:44 PM To: NT System Admin Issues Subject: Re: People that keep scanning my firewall 7887 entries since last thursday. The majority are 1 icmp scan per IP. However there are about 20 IPs that have over 300 scans since Thursday. They are all blocked but come on people this is crazy. ----- Original Message ----- From: Clayton Doige <mailto:[EMAIL PROTECTED]> To: NT System Admin Issues <mailto:[email protected]> Sent: Monday, July 28, 2008 2:43 PM Subject: RE: People that keep scanning my firewall Hey, a lot of those scans will be script kiddies and the like, it is summer holidays after all. Annoying to be sure, but it does show your firewall up to management as a target, and that could work in your favour if you need budget for additional security in the future? Just a thought... ________________________________ From: David W. McSpadden <[EMAIL PROTECTED]> Sent: 28 July 2008 19:10 To: NT System Admin Issues <[email protected]> Subject: People that keep scanning my firewall Does anyone want to share a list of jerkoffs that keep scanning the outside interface of their firewalls? I want to just blast these IP's that keep filling up my Management reports. They are a bother and have no real value but I am required to get the board an unaltered report. Data Security is everyone's responsibility. ______________________________________________________ This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email ______________________________________________________________________ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
