05-03-2021 09:19 AM
Dear All
I am not good with networking terms, so please forgive me if I am wrong.
I am an application owner. For the last couple of days my application has been under a DDoS attack (as per my network team). But the problem is they can't block it in the Cisco firewall (Firepower OS) because when they try to find the source IP they are getting
10.x.x.x, 172.16.x.x, 172.31.x.x, 192.168.x.x, which are private IPs.
So my query is how to get the source where the original request is generated, or how I can block this type of attack.
Thanks in advance.
05-03-2021 09:35 AM - edited 05-03-2021 10:00 AM
Edited: ISPs drop RFC1918-destined traffic (not sourced).
If incoming traffic is sourced from RFC1918 space, that should be easier to block incoming from the internet.
HTH.
05-03-2021 10:10 AM
Thanks for the reply.
Can you please tell me how to block RFC1918 traffic?
Also, can you tell me what the other ways are to block those kinds of IPs?
05-03-2021 10:25 AM
A simple solution is an ACL, but it may not be sufficient to block the attack effectively. Talking to your ISP is the key to solving this issue.
HTH.
05-03-2021 01:56 PM
Does the ASA do NAT to these private addresses? Change the NAT table and see the original public IP before NAT.
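An added example, not posted by anyone in this thread: a Python script that separates the two cases the replies describe, private sources arriving on the internet-facing interface (candidates for an ingress ACL) versus private sources seen on an internal interface (likely a NAT or proxy hop hiding the real client). The log line format, the interface names and the sample addresses are constructed assumptions, not Firepower output.

```python
import ipaddress
import re
from collections import Counter

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in a hypothetical "iface=<name> src=<ip> ..." format.
# Real firewall logs need their own regex; only the classification logic carries over.
SAMPLE_LOG = """\
iface=outside src=10.4.7.9 dst=203.0.113.10 dport=443
iface=outside src=172.31.200.1 dst=203.0.113.10 dport=443
iface=outside src=198.51.100.23 dst=203.0.113.10 dport=443
iface=dmz src=192.168.50.4 dst=192.168.60.10 dport=443
iface=outside src=not-an-ip dst=203.0.113.10 dport=443
"""

LINE_RE = re.compile(r"iface=(\S+)\s+src=(\S+)")

def private_block(addr):
    """Return the RFC1918 network containing addr, or None if addr is not private."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return next((net for net in RFC1918 if ip in net), None)

def summarize(log_text, internet_iface="outside"):
    """Count private sources per ingress interface; internet_iface is an assumed name."""
    result = {"spoofed": Counter(), "internal": Counter(), "public": 0, "unparsed": 0}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        try:
            block = private_block(m.group(2)) if m else None
        except ValueError:
            m = None  # source field is not a valid IP address
        if m is None:
            result["unparsed"] += 1
        elif block is None:
            result["public"] += 1
        elif m.group(1) == internet_iface:
            # Private source on the internet edge: not routable, so droppable at ingress
            result["spoofed"][str(block)] += 1
        else:
            # Private source on an internal interface: look upstream for the pre-NAT address
            result["internal"][m.group(1)] += 1
    return result

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Note that 172.16.x.x and 172.31.x.x from the original question both fall inside the single block 172.16.0.0/12.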