How can I create the ability to block an IP based on traffic to a specific IP or port

Is it possible to have an unused IP address on my ASA, which when it receives traffic flags the source as a bad actor for the whole device?

 

It would work essentially like a spam trap for an email server, where anyone sending to that address clearly indicates a bad actor.

 

I would like to have that address automatically added to a list that is part of a ban filter.

I am sure I could cobble something together with SNMP and Expect in conjunction with a host on my network, but was wondering if there was a simpler way to approach this before doing a ton of work on it.

 

Thank you for any ideas.

1 REPLY
Cisco Employee

You might want to take a look at the Botnet Filter feature on ASAs.

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/white_paper_c11-532091.html

 

Regards,

Chetan
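The "spam trap" approach from the question, sketched as an added example that is not part of the original thread and is not Cisco code: a script on a syslog host picks sources that were denied while sending to the trap address and emits ASA `shun` commands for them. The trap address, the allowlist, the interface names and the log lines are assumptions constructed for illustration, and it assumes the trap address is covered by an interface ACL deny entry that logs message 106023 (IPv4 only).

```python
import ipaddress
import re

# Assumed values for illustration; none of these come from the thread.
TRAP_IP = ipaddress.ip_address("203.0.113.50")      # the unused "trap" address
NEVER_SHUN = [ipaddress.ip_network("10.0.0.0/8"),    # own networks, scanners, monitoring
              ipaddress.ip_network("198.51.100.0/24")]

# ASA syslog 106023: packet denied by an access-group ACL (port is absent for ICMP).
DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src>[0-9.]+)(?:/\d+)? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst>[0-9.]+)(?:/\d+)?"
)

# Constructed sample log lines, not captured from a real device.
SAMPLE_LOG = [
    'Jan 10 03:12:01 fw1 %ASA-4-106023: Deny tcp src outside:192.0.2.77/51514 dst inside:203.0.113.50/23 by access-group "outside_in" [0x0, 0x0]',
    'Jan 10 03:12:05 fw1 %ASA-4-106023: Deny tcp src outside:192.0.2.77/51520 dst inside:203.0.113.50/22 by access-group "outside_in" [0x0, 0x0]',
    'Jan 10 03:13:40 fw1 %ASA-4-106023: Deny udp src outside:192.0.2.9/5060 dst inside:203.0.113.10/5060 by access-group "outside_in" [0x0, 0x0]',
    'Jan 10 03:14:02 fw1 %ASA-4-106023: Deny icmp src outside:198.51.100.8 dst inside:203.0.113.50 (type 8, code 0) by access-group "outside_in" [0x0, 0x0]',
]

def trap_hits(lines, trap_ip=TRAP_IP, never_shun=NEVER_SHUN):
    """Return source IPs, in first-seen order, that were denied sending to the trap."""
    seen = []
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address in the log line
        if dst != trap_ip or any(src in net for net in never_shun):
            continue  # not a trap hit, or a source that must never be banned
        if src not in seen:
            seen.append(src)
    return seen

def shun_commands(sources):
    """Render one ASA 'shun' command per offending source."""
    return [f"shun {ip}" for ip in sources]

if __name__ == "__main__":
    print("\n".join(shun_commands(trap_hits(SAMPLE_LOG))))
```

The source address of a denied packet can be forged, so the allowlist is what keeps a spoofed probe from shunning your own hosts; a shun entry is removed with `no shun <ip>`.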