
Botnet filtering 8.2, no license :)

WStoffel1
Level 1

I'm currently battling a botnet on an 8.2 ASA, but I don't have the license. So enabling the botnet filter is not an option. Yet.

I'm curious if anyone has struggled with this and has a few ideas on finding and tracking down the offending machine...?

Thank you.

Accepted Solutions

Vibhor Amrodia
Cisco Employee

Hi,

I think you should be looking for an internal address creating many connections outside through the ASA device.

show local-host connection tcp/udp | in host|count/limit

This should show you the connections per host through the ASA device, and this should help you isolate this issue.

Thanks and Regards,

Vibhor Amrodia
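
One way to work through the output of the command in the accepted answer, as an added example that is not part of the original post: a Python script that parses the filtered `show local-host` text and ranks inside hosts by flow count. The sample output and its addresses are constructed, and the line layout the parser assumes (`local host: <ip>,` followed by `TCP/UDP flow count/limit = n/limit`) should be checked against what your own ASA prints.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample of `show local-host | include host|count/limit` output.
# The "embryonic count to host" lines also match the "host" filter and must be ignored.
SAMPLE = """\
local host: <10.0.0.10>,
    TCP flow count/limit = 4/unlimited
    TCP embryonic count to host = 0
    UDP flow count/limit = 1/unlimited
local host: <10.0.0.57>,
    TCP flow count/limit = 1873/unlimited
    TCP embryonic count to host = 3
    UDP flow count/limit = 212/unlimited
local host: <10.0.0.23>,
    TCP flow count/limit = 12/unlimited
    TCP embryonic count to host = 0
    UDP flow count/limit = 0/unlimited
"""

HOST_RE = re.compile(r"local host:\s*<([^>]+)>")
FLOW_RE = re.compile(r"(TCP|UDP) flow count/limit\s*=\s*(\d+)/\S+")

def parse_local_hosts(text):
    """Return {host: {"TCP": n, "UDP": n}} from the filtered output."""
    hosts = defaultdict(lambda: {"TCP": 0, "UDP": 0})
    current = None
    for line in text.splitlines():
        if (m := HOST_RE.search(line)):
            current = m.group(1)
            hosts[current]  # register the host even if no counters follow
        elif (m := FLOW_RE.search(line)) and current is not None:
            hosts[current][m.group(1)] = int(m.group(2))
    return dict(hosts)

def rank_hosts(hosts):
    """Rows of (host, tcp, udp, total), busiest host first."""
    rows = [(h, c["TCP"], c["UDP"], c["TCP"] + c["UDP"]) for h, c in hosts.items()]
    return sorted(rows, key=lambda r: r[3], reverse=True)

def outliers(hosts, factor=10):
    """Hosts whose total flows exceed `factor` times the median total."""
    rows = rank_hosts(hosts)
    if not rows:
        return []
    threshold = factor * max(statistics.median(r[3] for r in rows), 1)
    return [r[0] for r in rows if r[3] > threshold]

if __name__ == "__main__":
    for host, tcp, udp, total in rank_hosts(parse_local_hosts(SAMPLE)):
        print(f"{host:<15} tcp={tcp:<6} udp={udp:<6} total={total}")
```

A host flagged here is only a candidate: compare it against what that machine normally does (proxies, DNS and mail servers legitimately hold many flows) before isolating it.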


Thank you...it has helped immensely.
