RE: Possible Sudden Uptick in ASA DOS?

[Mark Mayfield <Mark.Mayfield () cityofroseville com>]

Thank you sir.  I read your presentation quite some time ago, probably one of the first times you posted to the list.  
It has definitely informed many of my design processes; particularly with regard to server publishing, and been a major 
part of my supporting documentation in arguments with others at my organization over the last few years.

Of course, these particular ASA implementations are for law enforcement applications, so we are mandated to implement 
in ways that auditors from the state and federal agencies approve of.

However, this makes me consider the need to more aggressively ACL inbound traffic at the router level before these 
particular firewalls, which I can do, and may help mitigate such events, so thank you for the reminder!

Mark Mayfield
City of Roseville - AS 54371
Network Systems Engineer

2660 Civic Center Drive
Roseville, MN 55113
651-792-7098      Office

-----Original Message-----
From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Roland Dobbins
Sent: Wednesday, July 08, 2015 12:18
To: nanog () nanog org
Subject: Re: Possible Sudden Uptick in ASA DOS?


On 8 Jul 2015, at 23:58, Mark Mayfield wrote:

> Come in this morning to find one failover pair of ASA's had the 
> primary crash and failover, then a couple hours later, the secondary 
> crash and failover, back to the primary.

See this preso:

<https://app.box.com/s/a3oqqlgwe15j8svojvzl>

-----------------------------------
Roland Dobbins <rdobbins () arbor net>