
Threat Detection Default Settings

By default, a number of threat detection settings are already configured. Unless changed, they determine how the threat detection statistics are collected. Each setting is expressed as a rate of packets dropped by the ASA (see Table 1 and Table 2).

Table 1: Message Trigger Default Settings

| Packet Drop Reason | Message Trigger Setting: Average | Message Trigger Setting: Burst |
|---|---|---|
| DoS Attack Detected, Bad Packet Formatting, Exceeded Connection Limits, and Suspicious ICMP Packets Detected | 100 drops/second over the last 600 seconds (10 minutes) | 400 drops/second over the last 20 seconds |
| | 80 drops/second over the last 3600 seconds (60 minutes) | 320 drops/second over the last 120 seconds (2 minutes) |
| Scanning Attack Detected | 5 drops/second over the last 600 seconds (10 minutes) | 10 drops/second over the last 20 seconds |
| | 4 drops/second over the last 3600 seconds (60 minutes) | 8 drops/second over the last 120 seconds (2 minutes) |
| Incomplete Session Detection | 100 drops/second over the last 600 seconds (10 minutes) | 200 drops/second over the last 20 seconds |
| | 80 drops/second over the last 3600 seconds (60 minutes) | 160 drops/second over the last 120 seconds (2 minutes) |
| ACL Denial | 400 drops/second over the last 600 seconds (10 minutes) | 800 drops/second over the last 20 seconds |
| | 320 drops/second over the last 3600 seconds (60 minutes) | 640 drops/second over the last 120 seconds (2 minutes) |
| Basic Firewall Check Failure, Application Inspection Failure | 400 drops/second over the last 600 seconds (10 minutes) | 1600 drops/second over the last 20 seconds |
| | 320 drops/second over the last 3600 seconds (60 minutes) | 1280 drops/second over the last 120 seconds (2 minutes) |
| Interface Overload | 2000 drops/second over the last 600 seconds (10 minutes) | 8000 drops/second over the last 20 seconds |
| | 1600 drops/second over the last 3600 seconds (60 minutes) | 6400 drops/second over the last 120 seconds (2 minutes) |

Table 2: Scanning Threat Detection Default Settings

| | Average | Burst |
|---|---|---|
| Scanning Threat Detection | 5 drops/second over the last 600 seconds (10 minutes) | 10 drops/second over the last 20 seconds |
| | 5 drops/second over the last 3600 seconds (60 minutes) | 10 drops/second over the last 120 seconds (2 minutes) |
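
How the average and burst triggers in Table 1 interact, shown as an added Python example that is not from the original article or from Cisco: it checks constructed per-second drop counts against both ACL Denial rows. The sliding-window averaging and the strictly-greater-than comparison are simplifying assumptions, not the ASA's actual accounting.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Trigger:
    avg_interval: int    # seconds covered by the average rate
    avg_rate: int        # drops/second
    burst_interval: int  # seconds covered by the burst rate
    burst_rate: int      # drops/second

# Both "ACL Denial" rows from Table 1.
ACL_DENIAL = (Trigger(600, 400, 20, 800), Trigger(3600, 320, 120, 640))

def window_rate(drops, interval):
    """Mean drops/second over the last `interval` seconds.

    `drops` holds one drop count per second, oldest first. A series shorter
    than the interval is treated as preceded by seconds with no drops.
    """
    return sum(drops[-interval:]) / interval

def exceeded(drops, triggers):
    """Return (kind, interval) for every threshold the series is above."""
    hits = []
    for t in triggers:
        # Assumption: a trigger fires only when the rate is strictly above it.
        if window_rate(drops, t.avg_interval) > t.avg_rate:
            hits.append(("average", t.avg_interval))
        if window_rate(drops, t.burst_interval) > t.burst_rate:
            hits.append(("burst", t.burst_interval))
    return hits

# Constructed samples, one hour of per-second drop counts each.
SPIKE = [50] * 3580 + [1000] * 20   # quiet hour, then a 20-second flood
SUSTAINED = [450] * 3600            # steady, moderately high drop rate

if __name__ == "__main__":
    print("spike:    ", exceeded(SPIKE, ACL_DENIAL))
    print("sustained:", exceeded(SUSTAINED, ACL_DENIAL))
```

The short flood trips only the 20-second burst threshold, while the steady rate stays under both burst thresholds and trips the two average thresholds instead.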
