Botnet Report

John Johnson
Level 1

I have recently set up the Botnet Traffic Filter on my ASA 5510. Today my report showed 1 connection logged to tcp >8192. My question is: how do I find the associated IPs that go along with that particular entry? When I look at the top infected hosts, none of them show any port other than port 80.

If you need any further information please do not hesitate to ask.

Thanks in advance

John

1 Reply

Maykol Rojas
Cisco Employee

Hi John,

Would you please paste your report?

That's odd... However, I've never thrown reports on botnet.... I know that the majority of the traffic is going to be on port 80, since what the ASA blocks is the malicious sites based on IronPort. I have no idea why you are seeing ports other than 80....

Anyway, please paste the report, I would like to take a look at it.

Cheers

Mike