What's the software version on the 5505? 

-----Original Message-----
From: [email protected] 
[mailto:[email protected]] On Behalf Of Paul Asadoorian
Sent: Thursday, July 21, 2011 12:58 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Nessus Scans killing ASA 5505

Hi Ron,

Just a couple of things I noticed:

1) Try switching to a TCP scan instead of a SYN scan; it will be a little 
slower but may cause fewer problems with the firewall.

2) Your max checks per host and max hosts per scan are set really high; this is 
likely the reason the firewall is spiking CPU. Try tuning these back (start 
with 5 hosts at a time and 10 checks per host).

3) Feel free to open a support ticket and the fine folks at Tenable support can 
assist you further.

Thanks!

Cheers,
Paul

On 7/21/11 12:02 PM, Ron Henry wrote:
> This problem is probably due to my current gateway not being able to 
> keep up, but here goes.
> 
> I'm scanning 10 or so /24s as part of a vuln assessment. I'm running 
> 4.4.1. The scan, using the following scan policy, brings the ASA 5505 
> to its knees. CPU utilization goes to 98% and stays there until the 
> device eventually locks up. I'm honestly probably at the point where I 
> just need to move to a beefier firewall, but I figured I would run it by 
> you guys first.
> 
> There are no complicated firewall rules in place and threat detection 
> is disabled.
> 
> 
> The scan policy can be viewed at
> http://www.ciphermonk.net/photos/scan_policy.png
> 
> Thanks for your help.
> 
> - Ron Henry (dijital1)
> 
> Website: http://www.ciphermonk.net
> Email: [email protected]
> Twitter: http://twitter.com/dijital1
> LinkedIn: http://www.linkedin.com/in/dijital1
> 
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

--
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
Fax: 1.877.846.2187