Cisco Systems ASA 5580 Manual De Usuario

For each received event, the ASA checks the average and burst rate limits; if both rates are exceeded, 
then the ASA sends two separate system messages, with a maximum of one message for each rate type 
per burst period.

Basic threat detection affects performance only when there are drops or potential threats; even in this 
scenario, the performance impact is insignificant.

This section includes the guidelines and limitations for this feature:

Supported in single mode only. Multiple mode is not supported.

Supported in routed and transparent firewall mode.

Only through-the-box traffic is monitored; to-the-box traffic is not included in threat detection.

Basic threat detection statistics are enabled by default.

 lists the default settings. You can view all these default settings using the show 

running-config all threat-detection command.

DoS attack detected

Bad packet format

Connection limits exceeded

Suspicious ICMP packets 
detected

100 drops/sec over the last 600 
seconds.

400 drops/sec over the last 20 
second period.

80 drops/sec over the last 3600 
seconds.

320 drops/sec over the last 120 
second period.

Scanning attack detected

5 drops/sec over the last 600 
seconds.

10 drops/sec over the last 20 
second period.

4 drops/sec over the last 3600 
seconds.

8 drops/sec over the last 120 
second period.

Incomplete session detected such as 
TCP SYN attack detected or no data 
UDP session attack detected 
(combined)

100 drops/sec over the last 600 
seconds.

200 drops/sec over the last 20 
second period.

80 drops/sec over the last 3600 
seconds.

160 drops/sec over the last 120 
second period.