Is there any IP DENY Velocity type rules on an ASA5525-X firewall?
Currently we have a network-object group BLACKLIST. In this list is a bunch of IPs that are trying to dictionary attack one of our webservers. It has done a great deal by cutting down traffic by half, but its not completely stopped. Our web application vendor is asking if our firewall (ASA 5525-X) has any velocity type rules. What they are seeing is when the botnet moves on to a new IP address, they hit the server 1000 times a minute. Is there any dynamic way to keep the blacklist that we have tied to the deny statements updated automatically based on more than x hits in one minute from the same IP?
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr...
ISE Node TerminologyISE DeploymentsISE Deployment Scale and LimitsISE Hardware PlatformsISE PSN PerformanceISE TrustSec ScalingISE Storage RequirementsISE ERS ScaleISE WAN Bandwidth CalculatorSources
About this Document
Cisco Secure Endpoint (for...