04-06-2010 11:59 PM - edited 03-11-2019 10:29 AM
Hi All, I face a big problem: continuing attacks from the outside into my network. We identified the public IP but can't recognise it. So please help me out with how I can prevent this attack. I appreciate your comments.
04-07-2010 06:25 AM
Hi,
If you have identified the public IP of the attacker (and it's only that IP), one option is to shun or block that IP.
Depending on the device that you have for protection, you can use the shun command or an ACL.
Federico.
04-07-2010 07:43 AM
Also, you can use whois services from ARIN's and RIPE's websites to get more info on who the attacker is.
You want to block the attack as close to the source as possible, so blocking him on your upstream router or asking your ISP to do it would be the best thing to do.
I hope it helps.
PK
04-07-2010 08:25 AM
Arup,
Most ISPs have an RTBH setup already in place: http://ciscosystems.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf
Just call them and give them the public IP that is sending this malicious traffic and they will route it to null. You won't even see these IPs hitting your outside interface.
-KS