05-15-2019 12:37 PM - edited 02-21-2020 09:08 AM
If you need to block IDK malicious IPs and what not, obviously the list could grow very large over time. Also, I know simply blocking a targeted attack may not be effective at preventing DOS/DDOS etc. What would be the best ways to block IPs on lets say an ASA. Would an IPS/IDS be the better solution to implement when it comes to this?
Solved! Go to Solution.
05-15-2019 01:05 PM
The best way to block malicious traffic is to use an IPS. But if you insist on using the ASA you could use the botnet filter feature.
https://www.cisco.com/c/en/us/td/docs/security/asa/special/botnet/guide/asa-botnet.html
05-15-2019 09:32 PM
I would agree with @Marius Gunnerud . but just an HeadsUP! with ASA , if you use that feature on ASA it eats all memory/processing i tried on 5510.
05-15-2019 01:05 PM
The best way to block malicious traffic is to use an IPS. But if you insist on using the ASA you could use the botnet filter feature.
https://www.cisco.com/c/en/us/td/docs/security/asa/special/botnet/guide/asa-botnet.html
05-17-2019 08:54 AM
05-15-2019 09:32 PM
I would agree with @Marius Gunnerud . but just an HeadsUP! with ASA , if you use that feature on ASA it eats all memory/processing i tried on 5510.
05-17-2019 08:46 AM
05-17-2019 08:45 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide