https://community.cisco.com/t5/network-security/hacker-attacks/m-p/1384379#M796732 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you have identified the public IP of the attacker (and it's only that IP), one option is to shun or block that IP.</P><P>Depending on the device that you have for protection, you can use the shun command or an ACL.</P><P></P><P>Federico.</P></BODY></HTML> Wed, 07 Apr 2010 13:25:14 GMT Federico Coto Fajardo 2010-04-07T13:25:14Z https://community.cisco.com/t5/network-security/hacker-attacks/m-p/1384378#M796706 <P>Hi All,&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; i face a big problem that are continuing attack from the outside into my network. we identified that public ip but cant recognises it. so please hep me out how i can prevent this attacking.&nbsp; i appreciate you comments</P> Mon, 11 Mar 2019 17:29:40 GMT https://community.cisco.com/t5/network-security/hacker-attacks/m-p/1384378#M796706 Arup Dutta 2019-03-11T17:29:40Z https://community.cisco.com/t5/network-security/hacker-attacks/m-p/1384379#M796732 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you have identified the public IP of the attacker (and it's only that IP), one option is to shun or block that IP.</P><P>Depending on the device that you have for protection, you can use the shun command or an ACL.</P><P></P><P>Federico.</P></BODY></HTML> Wed, 07 Apr 2010 13:25:14 GMT https://community.cisco.com/t5/network-security/hacker-attacks/m-p/1384379#M796732 Federico Coto Fajardo 2010-04-07T13:25:14Z https://community.cisco.com/t5/network-security/hacker-attacks/m-p/1384380#M796783 <HTML><HEAD></HEAD><BODY><P>Also you can use whois services from arin's and ripe's websites to get more info on who the attacker is.</P><P></P><P>You want to block the attack as close to the source as possible, so blocking him on your upstream router or asking you ISP to do it would be the best thing to do.</P><P></P><P>I hope it helps.</P><P></P><P></P><P>PK</P></BODY></HTML> Wed, 07 Apr 2010 14:43:23 GMT https://community.cisco.com/t5/network-security/hacker-attacks/m-p/1384380#M796783 Panos Kampanakis 2010-04-07T14:43:23Z https://community.cisco.com/t5/network-security/hacker-attacks/m-p/1384381#M796833 <HTML><HEAD></HEAD><BODY><P>Arup,</P><P><SPAN>Most ISPs have an RTBH setup already in place: </SPAN><A class="jive-link-external-small" href="http://ciscosystems.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf">http://ciscosystems.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf</A></P><P></P><P>Just call them and give them the public IP that is sending this malicious traffic and they will route it to null. You won't even see these IPs hitting your outisde interface.</P><P></P><P>-KS</P></BODY></HTML> Wed, 07 Apr 2010 15:25:40 GMT https://community.cisco.com/t5/network-security/hacker-attacks/m-p/1384381#M796833 Kureli Sankar 2010-04-07T15:25:40Z