
How to detect or block hidden source IP (of DDoS) in Firepower

rockbd
Level 1

Dear All,

I am not good with networking terms, so please forgive me if I am wrong.

I am an application owner. Over the last couple of days my application got a DDoS attack (as per my network team). But the problem is they can't block it in the Cisco firewall (Firepower OS), because when they try to find the source IP they are getting 10.x.x.x, 172.16.x.x, 172.31.x.x, 192.168.x.x, which are private IPs.

So my query is how to get the source where the original request is generated, or how I can block this type of attack.

Thanks in advance.

4 Replies

rais
Level 7

Edited: ISPs drop RFC1918-destined traffic (not sourced).

If incoming traffic is sourced from RFC1918 space, that should be easier to block coming in from the internet.

HTH.

Thanks for the reply.

How to block RFC1918 traffic, can you please tell me?

Also, can you tell me what the other ways are to block those kinds of IPs?

A simple solution is an ACL, but it may not be sufficient to block the attack effectively.  Talking to your ISP is the key to solving this issue.

HTH.

Does the ASA do NAT to these private addresses? Change the NAT table and see the original public IP before NAT.
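An added example, not part of the thread or of any Cisco tooling: a triage sketch that separates the two cases raised in the replies, RFC1918 sources arriving on the internet-facing interface (candidates for an inbound deny ACL) versus RFC1918 sources seen elsewhere (where the NAT table is the place to look). The log format `interface source destination`, the interface name `outside` and the sample events are constructed assumptions.

```python
import ipaddress
from collections import Counter

# RFC 1918 private ranges. 172.16.x.x and 172.31.x.x from the question
# both fall inside 172.16.0.0/12.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample events (not from the thread): ingress interface, src, dst.
SAMPLE_EVENTS = """\
outside 10.4.7.9 203.0.113.10
outside 172.31.200.1 203.0.113.10
outside 198.51.100.23 203.0.113.10
inside 192.168.1.50 203.0.113.10
outside 172.32.0.5 203.0.113.10
outside not-an-ip 203.0.113.10
"""

def is_rfc1918(addr):
    """True if addr is inside one of the three RFC 1918 blocks."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on bad input
    return any(ip in net for net in RFC1918)

def classify(line, outside_if="outside"):
    """Label one event line; outside_if is the assumed internet-facing interface."""
    parts = line.split()
    if len(parts) != 3:
        return "malformed"
    iface, src, _dst = parts
    try:
        private = is_rfc1918(src)
    except ValueError:
        return "malformed"
    if not private:
        return "public-source"
    if iface == outside_if:
        # Private source on the internet side: what an inbound ACL would deny.
        return "rfc1918-on-outside"
    # Private source on another interface: internal or translated traffic,
    # so the NAT table is where to check for an original address.
    return "rfc1918-internal"

def summarize(text):
    """Count events per label."""
    return Counter(classify(l) for l in text.splitlines() if l.strip())

if __name__ == "__main__":
    for label, count in summarize(SAMPLE_EVENTS).most_common():
        print(f"{label:20} {count}")
```

Note that 172.32.0.5 is counted as a public source: only 172.16.0.0 through 172.31.255.255 is private.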
