15-13
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 15 Threat Detection
Examples for Threat Detection
hostname#
show threat-detection shun
Shunned Host List:
10.1.1.6
192.168.6.7
•
clear threat-detection shun
[
ip_address
[
mask
]]
Releases a host from being shunned. If you do not specify an IP address, all hosts are cleared from
the shun list.
For example, to release the host at 10.1.1.6, enter the following command:
hostname#
clear threat-detection shun 10.1.1.6
•
show threat-detection scanning-threat
[
attacker
|
target
]
Displays hosts that the ASA decides are attackers (including hosts on the shun list), and displays the
hosts that are the target of an attack. If you do not enter an option, both attackers and target hosts
are displayed. For example:
hostname#
show threat-detection scanning-threat attacker
10.1.2.3
10.8.3.6
209.165.200.225
Examples for Threat Detection
The following example configures basic threat detection statistics, and changes the DoS attack rate
settings. All advanced threat detection statistics are enabled, with the host statistics number of rate
intervals lowered to 2. The TCP Intercept rate interval is also customized. Scanning threat detection is
enabled with automatic shunning for all addresses except 10.1.1.0/24. The scanning threat rate intervals
are customized.
threat-detection basic-threat
threat-detection rate dos-drop rate-interval 600 average-rate 60 burst-rate 100
threat-detection statistics
threat-detection statistics host number-of-rate 2
threat-detection statistics tcp-intercept rate-interval 60 burst-rate 800 average-rate 600
threat-detection scanning-threat shun except ip-address 10.1.1.0 255.255.255.0
threat-detection rate scanning-threat rate-interval 1200 average-rate 10 burst-rate 20
threat-detection rate scanning-threat rate-interval 2400 average-rate 10 burst-rate 20
Содержание ASA 5512-X
Страница 5: ...P A R T 1 Service Policies and Access Control ...
Страница 6: ......
Страница 50: ...3 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 3 Access Rules History for Access Rules ...
Страница 51: ...P A R T 2 Network Address Translation ...
Страница 52: ......
Страница 126: ...5 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 5 NAT Examples and Reference DNS and NAT ...
Страница 127: ...P A R T 3 Application Inspection ...
Страница 128: ......
Страница 255: ...P A R T 4 Connection Settings and Quality of Service ...
Страница 256: ......
Страница 288: ...12 14 Cisco ASA Series Firewall CLI Configuration Guide Chapter 12 Quality of Service History for QoS ...
Страница 303: ...P A R T 5 Advanced Network Protection ...
Страница 304: ......
Страница 339: ...P A R T 6 ASA Modules ...
Страница 340: ......
Страница 398: ...17 28 Cisco ASA Series Firewall CLI Configuration Guide Chapter 17 ASA CX Module History for the ASA CX Module ...