05-15-2019 12:37 PM - edited 02-21-2020 09:08 AM
If you need to block IDK malicious IPs and what not, obviously the list could grow very large over time. Also, I know simply blocking a targeted attack may not be effective at preventing DOS/DDOS etc. What would be the best ways to block IPs on lets say an ASA. Would an IPS/IDS be the better solution to implement when it comes to this?
Solved! Go to Solution.
05-15-2019 01:05 PM
The best way to block malicious traffic is to use an IPS. But if you insist on using the ASA you could use the botnet filter feature.
https://www.cisco.com/c/en/us/td/docs/security/asa/special/botnet/guide/asa-botnet.html
05-15-2019 09:32 PM
I would agree with @Marius Gunnerud . but just an HeadsUP! with ASA , if you use that feature on ASA it eats all memory/processing i tried on 5510.
05-15-2019 01:05 PM
The best way to block malicious traffic is to use an IPS. But if you insist on using the ASA you could use the botnet filter feature.
https://www.cisco.com/c/en/us/td/docs/security/asa/special/botnet/guide/asa-botnet.html
05-17-2019 08:54 AM
05-15-2019 09:32 PM
I would agree with @Marius Gunnerud . but just an HeadsUP! with ASA , if you use that feature on ASA it eats all memory/processing i tried on 5510.
05-17-2019 08:46 AM
05-17-2019 08:45 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: