PaulDotCom mailing list archives
Re: Nessus Scans killing ASA 5505
From: Paul Asadoorian <paul () pauldotcom com>
Date: Thu, 21 Jul 2011 13:57:58 -0400
Hi Ron,

Just a couple of things I noticed:

1) Try switching to a TCP scan instead of a SYN scan; it will be a little slower but may cause fewer problems with the firewall.

2) Your max checks per host and max hosts per scan are set really high; this is likely the reason the firewall is spiking CPU. Try tuning these back (start with 5 hosts at a time and 10 checks per host).

3) Feel free to open a support ticket and the fine folks at Tenable support can assist you further.

Thanks!

Cheers,
Paul

On 7/21/11 12:02 PM, Ron Henry wrote:
This problem is probably due to my current gateway not being able to keep up, but here goes.

I'm scanning 10 or so /24s as part of a vuln assessment. I'm running 4.4.1. The scan, using the following scan policy, brings the ASA 5505 to its knees. CPU utilization goes to 98% and stays there until the device eventually locks up.

I'm honestly probably at the point where I just need to move to a beefier firewall, but I figured I would run it by you guys first. There are no complicated firewall rules in place and threat detection is disabled.

The scan policy can be viewed at http://www.ciphermonk.net/photos/scan_policy.png

Thanks for your help.

- Ron Henry (dijital1)
Website: http://www.ciphermonk.net
Email: rlh () ciphermonk net
Twitter: http://twitter.com/dijital1
LinkedIn: http://www.linkedin.com/in/dijital1

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-- 
Paul Asadoorian
PaulDotCom Enterprises
Web: http://pauldotcom.com
Phone: 401.829.9552
Fax: 1.877.846.2187

Current thread:
- Nessus Scans killing ASA 5505 Ron Henry (Jul 21)
- Re: Nessus Scans killing ASA 5505 Paul Asadoorian (Jul 21)
- Re: Nessus Scans killing ASA 5505 Butturini, Russell (Jul 21)
- Re: Nessus Scans killing ASA 5505 Ron Henry (Jul 22)
- Re: Nessus Scans killing ASA 5505 Butturini, Russell (Jul 21)
- Re: Nessus Scans killing ASA 5505 Albert R. Campa (Jul 21)
- Re: Nessus Scans killing ASA 5505 Paul Asadoorian (Jul 21)