06-15-2015 05:56 AM - edited 03-11-2019 11:07 PM
I'm currently battling a bot-net on a 8.2 ASA but i dont have the license. So enabling the botnet filter is not an option. Yet.
I'm curious if anyone has struggled with this, and has a few ideas on finding and tracking down the offending machine....?
thank you.
Solved! Go to Solution.
06-16-2015 06:58 AM
Hi,
I think you should be looking for an Internal Address creating many connections outside thru the ASA device.
show local-host connection tcp/udp | in host|count/limit
This should show you the connections per host thru the ASA device and this should help you isolate this issue.
Thanks and Regards,
Vibhor Amrodia
06-16-2015 06:58 AM
Hi,
I think you should be looking for an Internal Address creating many connections outside thru the ASA device.
show local-host connection tcp/udp | in host|count/limit
This should show you the connections per host thru the ASA device and this should help you isolate this issue.
Thanks and Regards,
Vibhor Amrodia
07-01-2015 10:35 AM
Thank you...it has helped immensely.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide