Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1340
Views
10
Helpful
5
Replies

Best way to block IPs

Go to solution
CiscoPurpleBelt
Level 6
Level 6

‎05-15-2019 12:37 PM - edited ‎02-21-2020 09:08 AM

If you need to block IDK malicious IPs and what not, obviously the list could grow very large over time. Also, I know simply blocking a targeted attack may not be effective at preventing DOS/DDOS etc. What would be the best ways to block IPs on lets say an ASA. Would an IPS/IDS be the better solution to implement when it comes to this?

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP

‎05-15-2019 01:05 PM

The best way to block malicious traffic is to use an IPS.  But if you insist on using the ASA you could use the botnet filter feature.

https://www.cisco.com/c/en/us/td/docs/security/asa/special/botnet/guide/asa-botnet.html

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

Go to solution
venkat_n7
Level 1
Level 1

‎05-15-2019 09:32 PM

I would agree with @Marius Gunnerud . but just an HeadsUP! with ASA , if you use that feature on ASA it eats all memory/processing i tried on 5510. 

Please rate comments and support
with regards,
Venkat

View solution in original post

5 Replies 5

Go to solution
Marius Gunnerud
VIP
VIP

‎05-15-2019 01:05 PM

The best way to block malicious traffic is to use an IPS.  But if you insist on using the ASA you could use the botnet filter feature.

https://www.cisco.com/c/en/us/td/docs/security/asa/special/botnet/guide/asa-botnet.html

--
Please remember to select a correct answer and rate helpful posts

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to Marius Gunnerud

‎05-17-2019 08:54 AM

Looks like I don't have that option on my ASA Firepower
ASDM—the Configuration > Firewall > Botnet Traffic Filter > Botnet Database pane Purge Botnet Database button.
0 Helpful

Go to solution
venkat_n7
Level 1
Level 1

‎05-15-2019 09:32 PM

I would agree with @Marius Gunnerud . but just an HeadsUP! with ASA , if you use that feature on ASA it eats all memory/processing i tried on 5510. 

Please rate comments and support
with regards,
Venkat

Go to solution
CiscoPurpleBelt
Level 6
Level 6
In response to venkat_n7

‎05-17-2019 08:46 AM

Yes I would nee to test so I am not sure I can use it if that is the case.
0 Helpful

Go to solution
CiscoPurpleBelt
Level 6
Level 6

‎05-17-2019 08:45 AM

Awesome thanks!
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card