Possible Sudden Uptick in ASA DOS?

Mark Mayfield Mark.Mayfield at cityofroseville.com
Wed Jul 8 17:43:46 UTC 2015


Thank you sir.  I read your presentation quite some time ago, probably one of the first times you posted to the list.  It has definitely informed many of my design processes; particularly with regard to server publishing, and been a major part of my supporting documentation in arguments with others at my organization over the last few years.

Of course, these particular ASA implementations are for law enforcement applications, so we are mandated to implement in ways that auditors from the state and federal agencies approve of.

However, this makes me consider the need to more aggressively ACL inbound traffic at the router level before these particular firewalls, which I can do, and may help mitigate such events, so thank you for the reminder!

Mark Mayfield
City of Roseville - AS 54371
Network Systems Engineer

2660 Civic Center Drive
Roseville, MN 55113
651-792-7098      Office

-----Original Message-----
From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Roland Dobbins
Sent: Wednesday, July 08, 2015 12:18
To: nanog at nanog.org
Subject: Re: Possible Sudden Uptick in ASA DOS?


On 8 Jul 2015, at 23:58, Mark Mayfield wrote:

> Come in this morning to find one failover pair of ASA's had the 
> primary crash and failover, then a couple hours later, the secondary 
> crash and failover, back to the primary.

See this preso:

<https://app.box.com/s/a3oqqlgwe15j8svojvzl>

-----------------------------------
Roland Dobbins <rdobbins at arbor.net>



More information about the NANOG mailing list