Details
In a port scanning attack, an unauthorized application is used to scan the host devices for available services and open ports for subsequent use in an attack. This type of scanning can be used as a DoS attack when the probing packets are sent excessively.
Solution
Configure scanning threat detection as shown in the example below.
ASA(config)# threat-detection scanning-threat shun
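One way to verify the setting from a saved running-config, as an added example that is not part of the STIG text or Cisco's tooling. The function name and the sample configurations are constructed for illustration; the `except` and `duration` forms of the shun command are standard ASA syntax that the page itself does not show.

```python
import re

# Constructed running-config excerpts (not taken from a real device).
COMPLIANT = """\
hostname ASA
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 10.1.1.0 255.255.255.0
threat-detection scanning-threat shun duration 3600
"""
DETECT_ONLY = """\
hostname ASA
threat-detection basic-threat
threat-detection scanning-threat
"""
NOT_CONFIGURED = """\
hostname ASA
threat-detection basic-threat
"""

# Matches the scanning-threat command with or without the shun keyword.
SCAN_RE = re.compile(r"^threat-detection\s+scanning-threat(\s+shun\b.*)?$")

def audit_scanning_threat(running_config: str) -> dict:
    """Classify the scanning-threat lines found in a running-config (hypothetical helper)."""
    detect = shun = False
    exceptions = []
    for raw in running_config.splitlines():
        m = SCAN_RE.match(raw.strip())
        if not m:
            continue
        detect = True                       # scanning is at least being detected
        if m.group(1):
            shun = True                     # attackers are actually shunned
            tail = m.group(1).split()[1:]   # tokens after "shun"
            if tail[:1] == ["except"]:
                # Hosts exempt from shunning deserve a manual review.
                exceptions.append(" ".join(tail[1:]))
    return {"status": "pass" if shun else "fail",
            "detect": detect, "shun": shun, "exceptions": exceptions}

if __name__ == "__main__":
    for name, cfg in [("compliant", COMPLIANT), ("detect-only", DETECT_ONLY),
                      ("not-configured", NOT_CONFIGURED)]:
        print(name, audit_scanning_threat(cfg))
```

A detect-only configuration fails the check because scanning hosts are logged but not shunned.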
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Cisco.
References
- 800-53|SC-5
- CAT|I
- CCI|CCI-002385
- Rule-ID|SV-239864r665878_rule
- STIG-ID|CASA-FW-000220
- Vuln-ID|V-239864