https://community.cisco.com/t5/network-security/block-ip-subnet-from-ftp-attack/m-p/1343088#M859050 <HTML><HEAD></HEAD><BODY><P>You bet. Let's assume they are coming from 75.50.95.72 /29 network. </P><P></P><P>access-list outside_access deny tcp 75.50.95.72 255.255.255.248 any eq ftp</P><P></P><P>You will need to put this above the permit FTP statement.</P></BODY></HTML> Thu, 25 Jun 2009 19:47:54 GMT Collin Clark 2009-06-25T19:47:54Z https://community.cisco.com/t5/network-security/block-ip-subnet-from-ftp-attack/m-p/1343087#M859048 <P>Pix 501 I have a device that I 1 - 1 translate from a private to a public so it can be accessed by techs off site. There is someone with an FTP attack on this public IP. Is there a way to block this Subnet from accessing the device? </P> Mon, 11 Mar 2019 15:48:29 GMT https://community.cisco.com/t5/network-security/block-ip-subnet-from-ftp-attack/m-p/1343087#M859048 cozyk1515 2019-03-11T15:48:29Z https://community.cisco.com/t5/network-security/block-ip-subnet-from-ftp-attack/m-p/1343088#M859050 <HTML><HEAD></HEAD><BODY><P>You bet. Let's assume they are coming from 75.50.95.72 /29 network. </P><P></P><P>access-list outside_access deny tcp 75.50.95.72 255.255.255.248 any eq ftp</P><P></P><P>You will need to put this above the permit FTP statement.</P></BODY></HTML> Thu, 25 Jun 2009 19:47:54 GMT https://community.cisco.com/t5/network-security/block-ip-subnet-from-ftp-attack/m-p/1343088#M859050 Collin Clark 2009-06-25T19:47:54Z https://community.cisco.com/t5/network-security/block-ip-subnet-from-ftp-attack/m-p/1343089#M859054 <HTML><HEAD></HEAD><BODY><P>Collin's way can work but what if the attacker changes their address. If possible you should get the IP addresses of the persons that are allowed to connect and change your access list to permit those addresses and block everything else.</P></BODY></HTML> Fri, 26 Jun 2009 17:08:30 GMT https://community.cisco.com/t5/network-security/block-ip-subnet-from-ftp-attack/m-p/1343089#M859054 kwillacey 2009-06-26T17:08:30Z