Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
363
Views
0
Helpful
1
Replies

How can I create the ability to block an IP based on traffic to a specific IP or port

wayneandersen
Level 1
Level 1

‎09-25-2015 10:04 AM - edited ‎02-21-2020 05:35 AM

Is it possible to have an unused IP address on my ASA, which when it receives traffic flags the source as a bad actor for the whole device.

 

It would work essentially like a spam trap for an email server, where anyone sending to that address clearly indicates a bad actor.

 

I would like to have that address automatically added to a list that is part of a ban filter.

I am sure I could cobble something together with SNMP and Expect in conjunction with a host on my network but was wondering if there was a more simple way to approach this before doing a ton of work on it.

 

Thank you for any ideas.

0 Helpful
1 Reply 1

Chetankumar Phulpagare
Cisco Employee
Cisco Employee

‎09-27-2015 08:25 AM

You might want to take a look at Botnet Filter feature on ASAs.

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/white_paper_c11-532091.html

 

Regards,

Chetan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card