Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1640
Views
0
Helpful
1
Replies

Block requests from botnets

smiller_81
Level 1
Level 1

‎10-28-2019 01:55 AM - edited ‎02-21-2020 09:38 AM

Hello,

we operate a web and a mail server behind an ASA 5512 cluster.
Recently we have received many requests (500 connections per second) to our IP addresses on legitimate ports (25, 80, 443, ...).
The requests come from different IP addresses, but mostly from the same network segment (e.g. 217.68.208.0, 217.68.209.0, 217.68.210.0).

Currently we are using a simple ACL in which we add the "Blocked Hosts". However, since the IPs of the attackers change daily, this is not a permanent solution.

What other ways do we have to block these requests?
Could the Cisco Botnet Filter help here?


Many thanks
Best regards
Steven

 

0 Helpful
1 Reply 1

Sheraz.Salim
VIP
VIP

‎10-28-2019 02:17 PM

you are using cisco asa 5512. This hardware do have a cisco firepower module. why dont you use this software for layer7 inspection it come with many more powerful features.issue a command on your asa

!

show module

!

as the ip addresses are keep changing it would be very difficult for you to keep them uptodate  with the ACL. if you have a firepower module running and wanted to block the ip address as you see the bot net. what could you do is if you know what country these ip addresses are coming. you can block that country in your firepower module.

 

please do not forget to rate.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card