Cisco Firewall :: Launch LAND Attack Against Firewall ASA 5520

Apr 15, 2013

I try to launch a LAND Attack against my firewall ASA 5520. Everything will work fine. But why, I think it should not work. I use a little tool where I can user a spoofed address, with a cluster shell and attack the firewall interface with the source of 127.0.0.1 ore the ip address of the interface as the source and destination. Then I get a cpu load of 89% with only two host. With IP tables I can use kernel processes to prevent this. But I don´t find anything for ASA.

View 1 Replies


ADVERTISEMENT

Cisco Firewall :: 5510 - Deny IP Due To Land Attack

Mar 27, 2011

We are getting continuously log created as below in ASA 5510. I suspect something is going wrong (like system is getting compromised ? )
 
Note: I have changed the actually public IP to 1.1.1.1 for some security cause.
 
Log..
 
Mar 18 21:46:19 124.153.100.44 Mar 18 2011 21:46:22: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1Mar 18 21:46:19 124.153.100.44 Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1Mar 18 21:46:20 124.153.100.44 Mar 18 2011 21:46:23: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1Mar 18 21:46:21 124.153.100.44 Mar 18 2011 21:46:24: %ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1(code)

View 3 Replies View Related

Cisco Firewall :: Land Attack Alerts ASA 5510

Mar 21, 2013

We are getting below logs in our Syslog, how could i stop this."%ASA-2-106017: Deny IP due to Land Attack from 161.233.167.65 to 161.233.167.65 "

View 1 Replies View Related

Cisco Firewall :: ASA 5520 / Can't Get ASDM To Launch

May 5, 2010

i have a new ASA 5520 with only factory default settings. I ran the  commands below on the CLI as instructed for a Cisco document but i cannot access it via https://192.168.1.1/admin like it says i should be able to.
 
Step 1 To identify the IP addresses from which the security appliance accepts HTTPS connections, enter the following command for each address or subnet:

#hostname(config)# http source_IP_address mask source_interface

View 14 Replies View Related

Cisco Firewall :: ASA 5520 ASDM Failed To Launch

Apr 16, 2013

I have new ASA 5520 from the box and i have configured already int g0/1 with ip 10.15.14.5 255.255.255.0 nameif inside kindly see details below the config
 
[code]....

View 4 Replies View Related

Cisco :: 4402 Light Weight APs Drop Out After Land Attack

Sep 12, 2012

We have a WLAN consisting of a WLC 4402 and 11 lightweight APs. For security/compliance reasons we have a Cisco PIX firewall that sits between the WLC (outside) and the APs (inside). The APs are allowed to form LWAPP tunnels through the firewall (inside access-list) to the WLC and the WLAN works as expected.The firewall then limits traffic from the WLAN (outside access list) to certain the internal systems.I have noticed that every so often the firewall logs show continuous "Land attack from 0.0.0.0 0.0.0.0" messages then all APs are disconnected (all lights flash).

View 2 Replies View Related

Cisco Firewall :: ASA5510 Or 5520 Can Protect DDos Attack And Sync Flood

Sep 3, 2010

Does Cisco ASA5510 or 5520 can protect DDos attack and sync flood ?I have problem on this, so how can i protect on this, some time i saw on my log like this"sync flood " or "ddos to xxx.xxx.xxx.xxx" the ip address random .

View 7 Replies View Related

Cisco Firewall :: PIX 525 Anti-Spoofing Attack Protection

Mar 19, 2011

I have multiple questions about the PIX 525 software version 8.0(2) ASDM 6.0 (2)I am a windows network admin that is new to Cisco and routing in general. I have read through the forums and the Cisco documentation, but have not been able to fully understand the topics discussed within.

1. Anti-Spoofing Attack Protection
2. Scanning Threat Detection - Auto Shun
3. NTP Sync Verification
4. QoS implementation5. IOS and ASDM Backup
 
This option is currently DISSABLED for all interfaces.I know what ip address spoofing is, but what is the functionality of these options specifically? How does it work and should I enable it and for which interfaces? Second Question: Scanning Threat Detection - Auto Shun
 
I found this option in ASDM under: Configuration --> Firewall --> Threat Detection.Enable Basic Threat Detection and Enable Scanning Threat Detection are both currently ENABLED, but Shun Hosts detected by scanning threat is currently DISABLED. Also, the Networks Excluded from Shun field is empty. I know what the shun command does. I have used it many times when I have been fortunate enough to catch some piece of **** trying to spam my mail server or gain access to it.
 
What I am asking specifically is how does the Auto Shun work? Should I enable it and what are the potential consequences? Also, what exactly is a scanning attack?
 
I am not familiar enough with the PIX and with the topics discussed in the document to successfully apply the info within. Plus, I'm not sure it covers the kind of basic, all-inclusive bandwith cap I would like to put in place.
 
The goal is to cap the maximum internet (outside) bandwidth that inside5 can use to a reasonable percentage while allowing the other interfaces to have the remainder.

How would I go about this implementation? 2. Is there a way to allow inside1 - inside4 to use max bandwidth when there is no traffic on inside5?
 
I am probably, at least, the third owner of this device and I do not have an account with Cisco nor can my tiny (perhaps non-exsistant given the current economic state) IT budget afford any form of support or software licensing with them.My goal is to backup the IOS and ASDM data in the event that I have to replace the device due to a hardware failure.
 
I found a file transfer function within ASDM which allowed my to copy the files pix802.bin, asdm-602.bin and tfp from flash to my desktop computer. I also have a copy of the activation key info and my current configuration.
 
1. Have I backed up all the data/info I would need to restore this software and ASDM to another unit.
2. The activation key screen also has a serial number field. Is this the hardware serial number or is it for the software? and is it tied to this device specifically or can I use it to restore another unit if necessary?
3. Is there anything else I should do or be aware of regarding backup and restore for the PIX?
4. What is the tfp file?

View 1 Replies View Related

Cisco Firewall :: ASA 5510 - Send Only Alarm Of Attack By Email

Apr 12, 2011

I have a Cisco asa 5510. I am doing attack a my firewall, using n map. I am seeing in the log the attack but i like that firewall send only alarm of attack by email . I have active email with warning and i received very much email.
 
I observed that graph show attack, but not ip of attacker, is possible that Cisco asa show the ip too ? The log show scanning with n map but not shunning IP and not send alarm. How i can send alarm ? The graph no show ip, it's possible show it.

View 10 Replies View Related

Cisco Firewall :: Cannot Launch ASDM From ASA 5505

Jan 3, 2010

recently, ater successfully connecting the VPN to the ASA 5505, I am unable to then launch the ASDM client meaning that I can only SSH in to the unit.
 
I found an old post from 2008 and replied. It refers to an article talking about it is not possible to enable https server and webvpn on the same interface.
 
Well I am running ASA 8.0(4) so this restriction does not apply.

View 16 Replies View Related

Cisco Firewall :: Unable To Launch ASDM Over WAN - ASA 5505

Jan 9, 2013

Remote LAN pool is configured as inside. Route is proper. I am able to open 443 port from the remote LAN pool on the ASA. That means, the port is open from the remote pool. No response if I try https on the browser.

View 11 Replies View Related

Cisco Firewall :: Asa 5510 / Unable To Launch And Access HTTPS To Run ASDM

Jan 17, 2013

i am unable to launch ASDM, and access https:// to run Asdm..everything worked find yesterday but now for some reason it wont work?When i am trying to log in with the asdm it just hangs on the connecting to device... please wait...When i am tryng access the https://... i get the ssl do you want to trust.. and i press proceed anyway and i get an error
 
Asa 5510
Device manager version 6.1
System image file is "disk0:/asa804-k8.bin
 
Also i am accessing the asa with ssh without any issues

View 10 Replies View Related

Cisco Firewall :: Upgrade From 5505 To 5520 On Network - ASA Firewall Throughput

Feb 27, 2013

I'd like to see some REAL LIFE comparisons of ASA firewall throughput (a bit like this one for ISR G2 Routers - [URL].
 
The reason I ask is that I recently upgraded a firewall from an ASA5505 to an ASA5520 on a small network where the only outside connectivity was a single 10meg Internet circuit with an IPSEC VPN (not landed on the firewall but on a router) to another site.
 
When I swapped out the firewall the users noticed a big improvement. The firewall is not doing anything out of the ordinary - no IPS or VPN, just standard state full inspection.

View 5 Replies View Related

Cisco Firewall :: ASA 5520 - Routed Management Interface On Transparent Firewall?

May 5, 2013

I have an asa 5520.  How would I configure my dedicated management interface to be able to route off subnet while the firewall is in transparent mode?

View 1 Replies View Related

Cisco Firewall :: 5520 Identity Based Firewall Doesn't Work Using Citric Published

Jul 26, 2012

We are using the newest release of AD Agent (1.0.0.32.1, built 598). The ASA Firewalls 5520 are having the software release 8.4(3)8 installed.When somebody tries to connect thru the Identity based firewalls from a citrix published desktop environment (PDI) the connection is not possible. Checking the ip-of-user mapping on the firewalls (show user-identity ip-of-user USERNAME) mostly doesn't show the mapping of the USERNAME and the PDI the user is logged in. The user-of-ip mapping of the PDIs IP-address shows mostly other users, which then are used to authenticate the acces thru the firewalls.
 
What is interesting, that on the AD Agent using "adacfg.exe cache list | find /i "USERNAME"" i can't see the PDIs IP-address neither because it is mapped to another user.Is Citrix Published Desktop environment supported to connect thru Identity based Firewalls? How AD Agent, Domain Controllers and Firewalls are working together? On the firewalls with "show user-identity ad-agent we see, the following:
 
-Authentication Port: udp/1645
-Accounting Port: udp/1646
-ASA Listening Port: udp/3799
 
Why Cisco does use 1645 and 1646 and not 1812 and 1813?The Listening Port is used for what purpose? we tried the AD Agent modes full- download and on-demand with the same effect.

View 17 Replies View Related

Cisco Firewall :: 5520 Single Firewall With 2 Core Switches

Jan 4, 2012

Two different WAN links get connected to the firewall via two routers.(Different ip subnets).I need to get this two wan streams seperatly to the core switches.Core switches sits.Active/Stanby senario. If the Active core goes down Stndby Core will have take over the traffic. My design is correct ,if not what do i need to change. ASA is 5520.

View 8 Replies View Related

Cisco Firewall :: ASA 5520 - NTP Server For Firewall Clock Setting

May 22, 2013

I have ASA 5520 installed. I want to use ntp server for firewall clock setting. I found one open-access ntp server (stratum 2) in Los Angeles:
 
[URL] 209.151.225.100
  
Can I use the following command to set ntp server?
 
ntp server 209.151.225.100 source outside.

View 3 Replies View Related

Cisco Firewall :: Make Communication Between 2 Vlans On Firewall 5520 ASA 8.2

Jan 1, 2012

communication between 2 vlans.i have 2 vlans
 
Vlan 100
ip add 1.1.1.1
!
!
!
Vlan 200
ip add    2.2.2.2 
 
i want to make communication between 2 vlans on firewall 5520 ASA 8.2.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 - Corporate Firewall Crash

Feb 27, 2011

I have a serious problem with my corporate firewall, witch is an ASA 5520, fv 8.3, with 8 +1 interfaces. It suddenly started to crash every 10/20 minutes and rebooting alone.
 
First of all I checked system resources witch are in a very low usage state. I also checked interfaces errors, but nothing strange come out o from error counters analysis. I tried disabling logging and all the service policy rules configured, but nothing changed.
 
Nothing changed and firewall continue restarting by itself.
 
Last logs I received before crash were:
 
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack =
%ASA-4-711004: Task ran for 35 m sec, Process = Dispatch Unit, PC = 84a619e, Call stack =   0x084A619E  0x084A6512  0x084A70E1  0x084A7987  0x084A7AAA  0x08558B9B  0x08558E8A  0x083D3518  0x083CA145  0x080659D1  0x089196D9  0x08919790  0x089FF711  0x08A27468

Here the sh crash info command on module 0, after last reboot:
[Code] ......

View 12 Replies View Related

Cisco Firewall :: 5520 Firewall Management Port

Nov 29, 2011

we are having a firewall asa 5520 .we have connected the  management port and inside port to internal network and dmz port to dmz network.now we need to configure tacacs and other management tool on dmz devices through management port. The problem is the management devices tacacs and other are placed in internal network.

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - NAT And Firewall Access Control

Oct 4, 2012

I have an ASA 5520 in my company which does all our NAT and Firewall access control.  Currently there is a rule in place to allow an incoming connection on port 2222 from a specific ip address to allow access to a web app our developers created.  This is a test before the web app is released live.  Now the web app can communicate with the specific address and port but the incoming connection on port 2222 isn't getting through.  Everything looks great in the firewall but how can I log any hits this ACL takes to identify any potential problems?

View 2 Replies View Related

Cisco Firewall :: ASA 5520 - VPN Traffic Is Getting Dropped Through Firewall

Apr 8, 2011

Our Local Network is behind the CISCO ASA Firewall.Whenever we are accessing to Client VPN server,it is getting connected but after few Minutes (May be 5/10/30 Min),the sessions are terminating. The same traffic through PIX is no issue , only with ASA Firewall. See the following Error and request you give the possible root cause for this.
 
2011-04-09 16:15:09    Local4.Info    172.16.1.68    %ASA-6-302016: Tear down UDP connection 87447908 for OUTSIDE:68.22.26.66/4500 to inside:172.16.9.10/4410 duration 0:27:49 bytes 18653

View 1 Replies View Related

Cisco Firewall :: 5520 - Firewall Behind Two GLBP Routers

May 29, 2012

I have problem in the configuration of Cisco ASA 5520, IOS version 8.4. The connection is as follows: LAN network--> Firewall --> Routers with GLBP with virtual ip address. the clients can not ping the virtual interface of the GLBP group, but I can ping it from the firewall, and I can ping the clients from the firewall, I checked the packet tracer it gives :
 
Phase: 7
Type: NAT
Subtype:
Result: DROP
Config:
nat (inside10,outside) source dynamic LAN interface
Additional Information:(code)

View 1 Replies View Related

Cisco Firewall :: Does ASA 5520 Have Layer 7 Firewall

Oct 24, 2012

Need to know if ASA  5520 does Layer 7 firewall or  not?

View 2 Replies View Related

Cisco Firewall :: ASA 5520 (Ver 8.2) - HTTP Behind Firewall

Jan 26, 2012

Two days ago, we changed our old 525 with asa 5520 ( ver 8.2 ). Configuration is the same, except the version. It even retains the same global interface and static public ip address as the old device.All worked well during that period.
 
Yesterday, one of the http applications , not tested other day, was found not to be working. To test, we switched back to the old 525 , however nothing was working when we did that.

View 5 Replies View Related

Cisco Firewall :: Different Between ASA-5520-K9 And ASA-5520-K8

Nov 2, 2012

We were using ASA-5520-K9 with  ASA-SSM-AIP-20-K9 but recently found some hardware problem in our running ASA. Now cisco want to replace with ASA-5520-K8.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 CPU Utilization Is 100 %

Sep 27, 2011

We have configured 20 route in ASA 5520. The CPU usage goes to 100 % at the moment when we add a specific route.route inside 10.254.101.0 255. 255. 255.0 10.254.102.254 1.This is the same case when we add this route at the first cli or as the 10th cli or the 21 cli (errespective of the position of cli) There is an another route out of which 20 routes we have configured is route inside 10.254.103.0 255.255.255.0 10.254.102.254 1.The normal case if we dont add the problamatic route , then the CPU utilization is only 2 %.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 With Failover NAT With Two ISP?

Jun 20, 2011

Currently we have one ISP1 and all traffic goes to this way. Suppose our isp1 goes down, our outside user cant get the server. All servers are nated to this ISP1.We planned to purchase a another ISP2. Shall we Configure same inside server to map this ISP2? so that one primary ISP1 goes down it will take place the outside trafficISP2.

View 1 Replies View Related

Cisco Firewall :: ASA 5520 Nat Translation Max?

Aug 24, 2012

I am going with ASA 5520, know how many NAT translation is possible.

View 2 Replies View Related

Cisco Firewall :: Can Buy Plus License For ASA 5520

Jan 11, 2012

Can i buy a plus license for asa 5520??

View 2 Replies View Related

Cisco Firewall :: 5520 / Does ASA Have Open SSL

Mar 19, 2013

On one of our firewalls we hosting a application/service which impacts clients and we recently conducted a Pen test, the external company doing the Pen test have advised us that there is a vulnerability relating to OpenSSL. We have checked the server and there is no OpenSSL installed so the only place where it could be picking this up is on the ASA, is this correct?Here is the report from the company that conducted the test:4.3 Network Security An outdated OpenSSL package was identified that was vulnerable to a heap corruption bug that may be exploited by an attacker to acquire command execution on the host, or to create denial of service conditions. Table 7   provides an overview of the risk identified per network assessment category,   along with recommendations for resolving the issues identified. Category

Risk
Summary
Recommendations
Patch Management
High

The OpenSSL package installed   on one host was identified as being outdated and subject to a heap corruption   bug. Update the outdated /  vulnerable OpenSSL package to the latest stable version. We have an ASA5520 and running the following version: Cisco Adaptive Security Appliance Software Version 8.2(5)2 How do we check the OpenSSL on the ASA and secondly do we need to update the ASA software version ?

View 3 Replies View Related

Cisco Firewall :: ASA 5520 - How To See Write Log

Aug 5, 2011

I want to see log for write on ASA5520. who & when write lastly and who write before. How to see this log. In show vershon i see last modified date, but not log.

View 5 Replies View Related

Cisco Firewall :: ASA 5520 Failover With SLA?

Jul 19, 2011

Is it possible to setup 2 x Cisco ASA 5520 that are in an Active/Standby failover using sla monitoring?
 
For example ASA1 outside interface connects to an upstream switch and you setup sla monitor with icmp echo to ping that switch. The switch goes down and you need the other ASA2 to become the Active ASA. Can the sla monitor be automatically integrated with the failover commands for this to happen?

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved