Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
497
Views
0
Helpful
1
Replies

Botnet Data, who is submitting this info?

johnaceti
Level 1
Level 1

‎08-03-2012 08:45 AM - edited ‎03-11-2019 04:37 PM

I recently purchased Botnet for an ASA and have it configured and working properly. I am however curious on who is responsible for its database content. I have seen it block many IPs that are from reputable sources with a "High Risk" label.

IPs that belong to Microsoft and other major manufacturers.

Not much of an issue to whitelist them but unfortunately when a user is blocked they are not displayed a message of any sort via the web browser. It is not until I go into the ASA/botnet app do I see the block. Then wonder why it is listed.

Does anyone have any information on how the data is collected and by who?

Labels:
0 Helpful
1 Reply 1

Julio Carvajal
VIP Alumni
VIP Alumni

‎08-06-2012 05:45 PM

Hello,

The database is download it from CISCO server ( similar to the Ironport database server) , and its done by different intelligence mechanisms that will set into the database the latest blacklisted sites.

This will help you:

http://tools.cisco.com/squish/3D92F

Regards,

Julio

Rate all the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card