It's running 8.2(3) On Jul 21, 2011, at 2:00 PM, Butturini, Russell wrote:
> What's the software version on the 5505? > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Paul Asadoorian > Sent: Thursday, July 21, 2011 12:58 PM > To: PaulDotCom Security Weekly Mailing List > Subject: Re: [Pauldotcom] Nessus Scans killing ASA 5505 > > Hi Ron, > > Just a couple of things I noticed: > > 1) Try switching to a TCP scan instead of a SYN scan, it will be a little > slower but may cause less problems with the firewall > > 2) Your max checks per host and max hosts per scan are set really high, this > is likely the reason the firewall is spiking CPU. Try tuning these back > (start with 5 hosts at a time and 10 checks per host). > > 3) Feel free to open a support ticket and the fine folks at Tenable support > can assist you further. > > Thanks! > > Cheers, > Paul > > On 7/21/11 12:02 PM, Ron Henry wrote: >> This problem is probably due to my current gateway not being able to >> keep up, but here goes. >> >> I'm scanning 10 or so /24s as part of a vuln assessment. I'm running >> 4.4.1. The scan using the following scan policy, brings the ASA 5505 >> to it's knees. CPU utilization goes to 98% and stays there until the >> device eventually locks up. I'm honestly probably at the point where I >> just need to move to beefier firewall, but I figured I would run it by >> you guys first. >> >> There are no complicated firewall rules in place and threat detection >> is disabled. >> >> >> The scan policy can be viewed at >> http://www.ciphermonk.net/photos/scan_policy.png >> >> Thanks for your help. >> >> - Ron Henry (dijital1) >> >> Website: http://www.ciphermonk.net <http://www.ciphermonk.net/> >> <http://www.ciphermonk.net/>Email: [email protected] >> <mailto:[email protected]> >> Twitter: http://twitter.com/dijital1 >> LinkedIn: http://www.linkedin.com/in/dijital1 >> >> %JMNU%521*-;UU -GbU- aUP >> %JMNU%521*-A3FSP >> %JMNU%521*-`4B-920-7BP >> %JMNU%521*- 94i-C3-43P >> %JMNU%521*-Bc2F-AR1C-AEBP >> %JMNU%521*-e3+T-U26-DBGP >> %JMNU%521*-bE41-KFF2-D232P >> %JMNU%521*-3Bb}-4+}A-3VAP >> >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com > > -- > Paul Asadoorian > PaulDotCom Enterprises > Web: http://pauldotcom.com > Phone: 401.829.9552 > Fax: 1.877.846.2187 > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > > > ****************************************************************************** > This email contains confidential and proprietary information and is not to be > used or disclosed to anyone other than the named recipient of this email, > and is to be used only for the intended purpose of this communication. > ****************************************************************************** > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com - Ron Henry (dijital1) Website: http://www.ciphermonk.net Email: [email protected] Twitter: http://twitter.com/dijital1 LinkedIn: http://www.linkedin.com/in/dijital1 %JMNU%521*-;UU -GbU- aUP %JMNU%521*-A3FSP %JMNU%521*-`4B-920-7BP %JMNU%521*- 94i-C3-43P %JMNU%521*-Bc2F-AR1C-AEBP %JMNU%521*-e3+T-U26-DBGP %JMNU%521*-bE41-KFF2-D232P %JMNU%521*-3Bb}-4+}A-3VAP
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
