On Thu, Aug 30, 2012 at 10:54:55, Gilles Fabre wrote:
> Subject: UDP Flooding Security on Cisco ASA
>
> Hi all
>
> I am more a Routing&Switching than Security guy (note there is not
> any CCIE# below my name...) so I would appreciate your opinions on a
> security topic.
>
> I used a simple Linux laptop to test UDP flooding destined to an ASA
> firewall IP address:
> I used the command "hping3 --flood --data 2 --udp " to flood the FW with
> 2-byte UDP packets. After doing that, my fw cpu was close to
> 100% & packets began to be dropped between hosts on other interfaces.
>
> I tried to find how to change the configuration to prevent this & tried
> configuring "set connection", "ip audit" or "threat-detection" based
> commands but without success.
>
>
> I tried the same on a Juniper SSG140 device today & I see it can
> detect this kind of attack:
>
> SSG140-> get counter screen zone DMZ
> Screen counter on zone DMZ
> ICMP flood protection                0
> UDP flood protection           7746144
>
> however, packet processing is impacted as well.
>
>
Did you run a 'show asp drop'? You can also do captures on the asp drop to get more detail. As far as the two platforms go, are you comparing apples to apples? The SSG140 is about par with 5540 based on specs.
-ryan
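The reply's suggestion is to look at 'show asp drop', which on the ASA reports cumulative drop counters per reason. A single snapshot is hard to read during a flood; the useful signal is the rate of change between two snapshots. The following is an added example, not code from the thread or from Cisco: it parses two constructed snapshots in the style of 'show asp drop' output (the reason names and counts are invented for illustration, taken 10 seconds apart) and ranks drop reasons by packets per second. The threshold value and the sample text are assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample output in the style of ASA 'show asp drop' (cumulative
# counters). These are invented values for the example, not real captures.
# SNAPSHOT_T0 and SNAPSHOT_T1 are assumed to be 10 seconds apart.
SNAPSHOT_T0 = """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                                 120
  First TCP packet not SYN (tcp-not-syn)                                        35
  No valid adjacency (no-adjacency)                                              4

Last clearing: Never

Flow drop:
  Inspection failure (inspect-fail)                                              2

Last clearing: Never
"""

SNAPSHOT_T1 = """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                              951120
  First TCP packet not SYN (tcp-not-syn)                                        37
  No valid adjacency (no-adjacency)                                              4

Last clearing: Never

Flow drop:
  Inspection failure (inspect-fail)                                              2

Last clearing: Never
"""

# One drop line: indented description, reason keyword in parentheses, count.
DROP_LINE = re.compile(r"^\s+(?P<desc>.+?)\s+\((?P<reason>[\w-]+)\)\s+(?P<count>\d+)\s*$")


def parse_asp_drop(text: str) -> Dict[str, int]:
    """Return {reason-keyword: cumulative count} from one snapshot of output."""
    counters: Dict[str, int] = {}
    for line in text.splitlines():
        m = DROP_LINE.match(line)
        if m:
            # A keyword can appear under both "Frame drop" and "Flow drop"; sum them.
            counters[m["reason"]] = counters.get(m["reason"], 0) + int(m["count"])
    return counters


def drop_rates(before: Dict[str, int], after: Dict[str, int],
               interval_s: float) -> Dict[str, float]:
    """Packets per second per reason between two snapshots."""
    rates: Dict[str, float] = {}
    for reason, after_count in after.items():
        delta = after_count - before.get(reason, 0)
        if delta < 0:
            # Counters were cleared between snapshots ('clear asp drop'):
            # fall back to treating the second snapshot as the whole delta.
            delta = after_count
        rates[reason] = delta / interval_s
    return rates


def flag_floods(rates: Dict[str, float], threshold_pps: float) -> List[Tuple[str, float]]:
    """Reasons at or above the threshold, highest rate first."""
    hot = [(r, v) for r, v in rates.items() if v >= threshold_pps]
    return sorted(hot, key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    # Assumed interval and threshold; tune both to the platform and link speed.
    rates = drop_rates(parse_asp_drop(SNAPSHOT_T0), parse_asp_drop(SNAPSHOT_T1), 10)
    for reason, pps in flag_floods(rates, threshold_pps=1000):
        print(f"{reason:20s} {pps:12.1f} pps")
```

In practice the two snapshots come from the ASA CLI (or a script over SSH), and the reason that spikes tells you whether the flood is being dropped by an ACL, rate limiter, or other path; a 'capture ... type asp-drop' on that reason then shows the offending packets themselves.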
Blogs and organic groups at http://www.ccie.net
Received on Thu Aug 30 2012 - 15:00:57 ART
This archive was generated by hypermail 2.2.0 : Sat Sep 01 2012 - 08:41:18 ART