CASA-FW-000220 - The Cisco ASA must be configured to implement scanning threat detection.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

In a port scanning attack, an unauthorized application is used to scan the host devices for available services and open ports for subsequent use in an attack. This type of scanning can be used as a DoS attack when the probing packets are sent excessively.

Solution

Configure scanning threat detection as shown in the example below.

ASA(config)# threat-detection scanning-threat shun
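
One way to check a saved running-config for this setting offline. This is an added example, not part of the STIG or the audit plugin. The function names and sample configurations are constructed for illustration, and treating only the shun form shown above as passing is an assumption of this sketch.

```python
# Added example: offline check of an ASA running-config dump for the
# scanning threat detection command shown in the Solution above.

# Constructed sample configurations (not taken from a real device).
SAMPLE_SHUN = """\
hostname ASA
threat-detection basic-threat
threat-detection scanning-threat shun
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
"""
SAMPLE_DETECT_ONLY = """\
threat-detection basic-threat
threat-detection scanning-threat
"""
SAMPLE_RATE_ONLY = """\
threat-detection basic-threat
no threat-detection scanning-threat
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
"""


def scanning_threat_state(running_config: str) -> str:
    """Return 'shun', 'detect-only' or 'absent' for a running-config dump."""
    state = "absent"
    for raw in running_config.splitlines():
        tokens = raw.split()
        # Match on the first two tokens so that negated lines ('no ...') and
        # rate tuning lines ('threat-detection rate scanning-threat ...')
        # are not mistaken for the enabling command.
        if tokens[:2] != ["threat-detection", "scanning-threat"]:
            continue
        if len(tokens) > 2 and tokens[2] == "shun":
            return "shun"
        state = "detect-only"
    return state


def check_casa_fw_000220(running_config: str) -> dict:
    """Assumption: only the shun form from the Solution counts as a pass."""
    state = scanning_threat_state(running_config)
    return {"id": "CASA-FW-000220", "state": state, "finding": state != "shun"}


if __name__ == "__main__":
    for name, cfg in [("shun", SAMPLE_SHUN), ("detect-only", SAMPLE_DETECT_ONLY),
                      ("rate-only", SAMPLE_RATE_ONLY)]:
        print(name, check_casa_fw_000220(cfg))
```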

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Cisco_ASA_Y23M01_STIG.zip

Item Details

References: CAT|I, CCI|CCI-002385, Rule-ID|SV-239864r863231_rule, STIG-ID|CASA-FW-000220, Vuln-ID|V-239864

Plugin: Cisco

Control ID: 212c8e8c85a685f4e2523226698c4dadcc238907b9f6cc71f533464a0928685a