10-05-2010 09:26 AM - edited 03-11-2019 11:50 AM
Is there a way to create a "blacklist" for inbound traffic on the external interface of an ASA5510? These "script kiddies" have never been able to penetrate the system, but their attempts sure do clutter up the logs.
I know that I could procure, configure, and install an intrusion detection device, but I'd like to find out if the ASA has that capability. I know I can shun hosts and exclude networks, but I'd rather not use that feature. The attempts at ssh occur several times a day, and I'd like to stop them as they occur.
Thanx!
10-05-2010 11:41 AM
It sounds like you are looking for something to dynamically restrict/block access. IMO the best option, as you stated, is IPS. The good news is that you can put one directly in the ASA and have it shun traffic.
Hope it helps
10-05-2010 01:35 PM
Also you can look into the ASA threat-detection feature and have it shun...
I hope it helps.
PK
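The threat-detection suggestion above, sketched as an ASA configuration. This is an added example, not part of the original posts; the 192.0.2.0/24 management network, the 203.0.113.7 address and the rate values are placeholder assumptions.

```cisco
! Added example: all addresses and numbers below are placeholders,
! not values taken from the thread.

! Basic threat detection: rate-based drop statistics and syslog alerts
threat-detection basic-threat

! Scanning threat detection with automatic shun of detected attackers;
! 192.0.2.0/24 stands in for a trusted network that must never be shunned
threat-detection scanning-threat shun except ip-address 192.0.2.0 255.255.255.0

! How long an automatic shun stays in place, in seconds
threat-detection scanning-threat shun duration 3600

! Thresholds that classify a host as a scanner: an average rate over the
! interval (in seconds) plus a short-term burst rate
threat-detection rate scanning-threat rate-interval 1200 average-rate 10 burst-rate 20

! Verification and cleanup from privileged EXEC:
!   show threat-detection scanning-threat attacker
!   show threat-detection shun
!   clear threat-detection shun 203.0.113.7
```

A shunned address loses all connectivity through the ASA, so the `except` list should cover every network you depend on before automatic shunning is enabled.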
10-06-2010 08:17 AM
Hi,
You might also be interested in the Botnet traffic filter feature on the ASA. To read more on this:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/white_paper_c11-532091.html
Hope this helps!!
Thanks and Regards,
Prapanch
10-06-2010 08:51 AM
Just to clarify. Botnet will not help unless the attackers are bots and they dns through your firewall (I doubt that is the case from your problem description). Botnet will flag and block only botnet traffic that talks to the back-end bot masters, and not scripted viruses or attacks that are not bot related.
PK
10-06-2010 09:47 AM
Thanx, everyone, for your suggestions! Unfortunately, none of them are viable solutions in this case.