Threat Detection Default Settings
The ASA ships with a number of threat detection settings configured by default. Unless changed, they determine how the threat detection statistics are collected. Each setting is defined by the number of packets dropped by the ASA, expressed as an average rate and a burst rate (see Table 1 and Table 2).
Table 1: Message Trigger Default Settings

| Packet Drop Reason | Message Trigger Setting: Average | Message Trigger Setting: Burst |
|---|---|---|
| DoS Attack Detected, Bad Packet Formatting, Exceeded Connection Limits, and Suspicious ICMP Packets Detected | 100 drops/second over the last 600 seconds (10 minutes) | 400 drops/second over the last 20 seconds |
| | 80 drops/second over the last 3600 seconds (60 minutes) | 320 drops/second over the last 120 seconds (2 minutes) |
| Scanning Attack Detected | 5 drops/second over the last 600 seconds (10 minutes) | 10 drops/second over the last 20 seconds |
| | 4 drops/second over the last 3600 seconds (60 minutes) | 8 drops/second over the last 120 seconds (2 minutes) |
| Incomplete Session Detection | 100 drops/second over the last 600 seconds (10 minutes) | 200 drops/second over the last 20 seconds |
| | 80 drops/second over the last 3600 seconds (60 minutes) | 160 drops/second over the last 120 seconds (2 minutes) |
| ACL Denial | 400 drops/second over the last 600 seconds (10 minutes) | 800 drops/second over the last 20 seconds |
| | 320 drops/second over the last 3600 seconds (60 minutes) | 640 drops/second over the last 120 seconds (2 minutes) |
| Basic Firewall Check Failure, Application Inspection Failure | 400 drops/second over the last 600 seconds (10 minutes) | 1600 drops/second over the last 20 seconds |
| | 320 drops/second over the last 3600 seconds (60 minutes) | 1280 drops/second over the last 120 seconds (2 minutes) |
| Interface Overload | 2000 drops/second over the last 600 seconds (10 minutes) | 8000 drops/second over the last 20 seconds |
| | 1600 drops/second over the last 3600 seconds (60 minutes) | 6400 drops/second over the last 120 seconds (2 minutes) |

Table 2: Scanning Threat Detection Default Settings

| | Average | Burst |
|---|---|---|
| Scanning Threat Detection | 5 drops/second over the last 600 seconds (10 minutes) | 10 drops/second over the last 20 seconds |
| | 5 drops/second over the last 3600 seconds (60 minutes) | 10 drops/second over the last 120 seconds (2 minutes) |
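
To show how the average and burst thresholds in Table 1 react differently to the same traffic, the following added example (not Cisco code and not part of the original page) evaluates two constructed drop series against the ACL Denial defaults for the 600-second interval. The function name, dictionary keys, trailing-window calculation and strict `>` comparison are assumptions made for illustration, not the ASA's internal counter logic.

```python
from collections import deque

# (average, burst) drops/second for the 600-second interval, copied from Table 1.
# The dictionary keys are labels made up for this example.
DEFAULTS_600S = {
    "acl_denial": (400, 800),
    "scanning_attack": (5, 10),
    "incomplete_session": (100, 200),
    "interface_overload": (2000, 8000),
}

def exceeded(drops_per_second, average_limit, burst_limit,
             rate_interval=600, burst_interval=20):
    """Return (second, kind, rate) for each second a threshold is exceeded.

    Assumptions: plain trailing windows and a strict '>' comparison; this is
    not the ASA's internal counter logic.
    """
    avg_win, burst_win = deque(), deque()
    avg_sum = burst_sum = 0
    events = []
    for second, drops in enumerate(drops_per_second, start=1):
        avg_win.append(drops)
        burst_win.append(drops)
        avg_sum += drops
        burst_sum += drops
        if len(avg_win) > rate_interval:
            avg_sum -= avg_win.popleft()
        if len(burst_win) > burst_interval:
            burst_sum -= burst_win.popleft()
        # Dividing by the full interval dilutes a short spike in the average
        # window, while the same spike dominates the short burst window.
        burst_rate = burst_sum / burst_interval
        avg_rate = avg_sum / rate_interval
        if burst_rate > burst_limit:
            events.append((second, "burst", burst_rate))
        if avg_rate > average_limit:
            events.append((second, "average", avg_rate))
    return events

# Constructed drop series (drops per second), not captured from a device.
SPIKE = [50] * 300 + [1000] * 20 + [50] * 280      # 20-second spike
SUSTAINED = [450] * 600                             # steady, moderate rate

if __name__ == "__main__":
    avg, burst = DEFAULTS_600S["acl_denial"]
    for name, series in (("spike", SPIKE), ("sustained", SUSTAINED)):
        hits = exceeded(series, avg, burst)
        print(name, hits[0] if hits else None, len(hits))
```

The short spike trips only the burst threshold, while the steady 450 drops/second stays under the burst limit and trips only the average threshold late in the interval.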