CASA-FW-000220 - The Cisco ASA must be configured to implement scanning threat detection.

Information

In a port scanning attack, an unauthorized application is used to scan the host devices for available services and open ports for subsequent use in an attack. This type of scanning can be used as a DoS attack when the probing packets are sent excessively.

Solution

Configure scanning threat detection as shown in the example below.

ASA(config)# threat-detection scanning-threat shun

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_ASA_Y24M07_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, CAT|I, CCI|CCI-002385, Rule-ID|SV-239864r891328_rule, STIG-ID|CASA-FW-000220, Vuln-ID|V-239864

Plugin: Cisco

Control ID: 5a605d94a852ab56a2ec862f1efc3c0af8a9c653822ebc73b2a67fa195b5ebc2