New to forums and new to the webmaster world from the security aspect. I was wondering if anyone uses the ASA5510, and could maybe discuss what they have done with it.
So far I've been able to capture some abusive activity by using the top 10 sources to show me some of the really annoying IPs. Then I cross-referenced the access_log so I can see what actually went as far as malicious bots. But I'm getting possible scan and SYN attack rates from 0 to 12 and that's more questions.
Anyways, hope someone can lend a brain.
Chuck
Thank you.
Eliz.
Another thing I noticed was I have enabled basic threat detection, and also checked enable scanning threat detection. I've checked the shun hosts detected by scanning threat.
Two things I've noticed doing this: I have no hosts yet in my shuns list, although the graph that displays possible scan and SYN attacks is always going up and down. (I know how to use the CLI to get detailed information but am not sure what to look at.) I type into the CLI to show my scanning threats and shun list and nothing is shunned, but the latest attacker host list contains 72.141.13.0 and 66.249.67.0 (the second one I'm sure is the host for Google's bot). After letting it stay on the scanning-threat list I notice that Google still crawls. I'm fine with that, but that means the 72.* one is probably also still doing what it's doing.
Other question is does this detection work against bots? Ones which call numerous pages for their search purpose?
Chuck
[edited by: Mr_Servon at 7:08 pm (utc) on Aug. 1, 2008]