https://community.cisco.com/t5/network-security/blocking-connections/m-p/1531974#M695171 <P>If there is a need to block unwanted or malicious connections on firewall, shun is advised.</P><P>Appreciate if any of the gurus here can help me understand what is different in shun than using the ACL for the same purpose.</P><P></P><P>In which typical scenario is shun preferred over acl.</P><P></P><P>TIA.</P> Mon, 11 Mar 2019 18:55:24 GMT suthomas1 2019-03-11T18:55:24Z https://community.cisco.com/t5/network-security/blocking-connections/m-p/1531974#M695171 <P>If there is a need to block unwanted or malicious connections on firewall, shun is advised.</P><P>Appreciate if any of the gurus here can help me understand what is different in shun than using the ACL for the same purpose.</P><P></P><P>In which typical scenario is shun preferred over acl.</P><P></P><P>TIA.</P> Mon, 11 Mar 2019 18:55:24 GMT https://community.cisco.com/t5/network-security/blocking-connections/m-p/1531974#M695171 suthomas1 2019-03-11T18:55:24Z https://community.cisco.com/t5/network-security/blocking-connections/m-p/1531975#M695182 <HTML><HEAD></HEAD><BODY><P>acl will drop everything between a source and destination</P><P></P><P>whereas using shun you can specify a threshold after which it will start shunning, for example say if you see x number of packets in a duration of y mins from z shun the traffic</P><P></P><P>hope it helps</P><P></P><P>- JA</P></BODY></HTML> Sun, 17 Oct 2010 16:49:29 GMT https://community.cisco.com/t5/network-security/blocking-connections/m-p/1531975#M695182 Jitendriya Athavale 2010-10-17T16:49:29Z https://community.cisco.com/t5/network-security/blocking-connections/m-p/1531976#M695195 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Shun will block everything from the specified host, ACL`s will allow you to permit some ports/protocols and deny the rest of the traffic from the specified host.</P><P></P><P>Cheers</P><P></P><P>Mike</P></BODY></HTML> Sun, 17 Oct 2010 17:12:44 GMT https://community.cisco.com/t5/network-security/blocking-connections/m-p/1531976#M695195 Maykol Rojas 2010-10-17T17:12:44Z https://community.cisco.com/t5/network-security/blocking-connections/m-p/1531977#M695219 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Another difference between "shun" and ACLs is in the packet processing. "Shun"ning is performed at the very first in the packet processing steps while ACL checks are performed after a "Flow lookup" or "Connection entry" lookup.</P><P></P><P>So basically it means, if there is an exisiting connection for some kind of traffic and you decide to block it using ACLs it will not happen unless that connection is torn down and a new one created. But if you decide to "shun" that host, then in spite of the exisiting connection entry "anything and everything" from the host will be blocked.</P><P></P><P>This is the reason why when we configure IPS to block hosts on ASAs (using signature action as "request block"), it uses the "shun" command rather than ACLs (which it uses for router's and switches).</P><P></P><P>Hope that is clear!!</P><P></P><P>Thanks and Regards,<BR />Prapanch</P></BODY></HTML> Mon, 18 Oct 2010 00:16:09 GMT https://community.cisco.com/t5/network-security/blocking-connections/m-p/1531977#M695219 praprama 2010-10-18T00:16:09Z