01-28-2004 12:16 PM - edited 03-09-2019 06:15 AM
I want to drop packets from a MyDoom infected IP on the net that is hammering our mail server. How can I go about doing this on a PIX w/ 6.1?
Thanks
01-28-2004 01:44 PM
Hi,
Since that IP on the Net is infected, I would not trust any kind of traffic coming from that IP. If you already have an access-list (ACL) on your outside interface, then add just this line (make sure you put this entry above the entry that allows the 'MyDoom' traffic to your mail server):
access-list
Kind Regards,
Tom
01-28-2004 05:47 PM
Null route the SMTP.
I had this problem and a spare NIC in the PIX. I routed the subnets that I disliked there. Problem resolved. It isn't particularly elegant but it particularly worked...
01-29-2004 05:15 AM
As Tom mentioned, ACLs are one option, but the other is to use:
shun x.x.x.x
HTH
Ali
01-29-2004 06:46 AM
Yeah, I should have noted it's a 506 though :)
I will try this shun command. Thanks.