10-02-2013 07:10 AM - edited 03-11-2019 07:46 PM
I have recently added the Botnet filter license to an ASA5510. I'm needing assistance with viewing the config and being able to know that it is working. How can I test? Thanks
10-02-2013 07:29 AM
Here is a document that should get you started:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/white_paper_c11-532091.html
If there are more questions after going through that doc, feel free to ask.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
10-02-2013 08:53 PM
hi kevin,
here's some show commands as per my FIREWALL notes and a useful link that i've bookmarked.
usually the ASA will generate a syslog if a bad or infected machine is detected.
https://supportforums.cisco.com/docs/DOC-8782
Commands to Verify Botnet Traffic Filtering Operation

Function                  Command Syntax
Dynamic database status   ciscoasa# show dynamic-filter updater-client
Connections filtered      ciscoasa# show dynamic-filter statistics
List infected hosts       ciscoasa# show dynamic-filter report infected-hosts
Top-n botnet activity     ciscoasa# show dynamic-filter top [infected-hosts | malware-ports | malware-sites]
10-04-2013 05:40 AM
Hi,
I have to enable botnet filter as well for one of our customers. So is it possible to enable botnet filter in monitoring mode only, meaning without dropping any traffic or impacting the production environment?
Thanks
10-07-2013 09:15 PM
hi,
the answer is no. the ASA will intercept DNS queries, match them against the configured blacklist sites in its database, and drop the traffic.
10-11-2013 10:38 AM
My filter was originally set to monitor mode, which wasn't dropping the malicious requests. Scenario: I have a DNS server which the filter is detecting as a malicious host making DNS requests. My question is, does this necessarily imply that the DNS server is infected, or is it another host on my network using this DNS server for name resolution?