Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
303
Views
5
Helpful
1
Replies

The Gameover Zeus/Tovar

julius004
Level 1
Level 1

‎09-08-2014 04:20 PM - edited ‎03-11-2019 09:43 PM

 The lighthouse IP has been set up to help administrators find the Gameover Zeus infection on NAT networks. The theory is simple: every time an infected PC attempts to connect to a Command&Control sinkhole (see below for a partial list), the infected PC will also send a UDP packet to IP address 72.52.116.52 on port 4643 (though we suggest logging all ports). By configuring that address into your firewall, you can log which local IP address is attempting to contact 72.52.116.52, and thereby find and remediate the infection. 

How to set up on asa5505?

Labels:
0 Helpful
1 Reply 1

Maykol Rojas
Cisco Employee
Cisco Employee

‎09-15-2014 06:16 PM

Hello;

 

This might help, ACL logging:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_logging.html#wp1076662

 

Create an ACL, permitting the traffic going to that IP address, then permit the rest, configure logging and you can check that either on ASDM, BUffer or Syslog server.

 

Cheers;

Mike.

Mike
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card