Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
302
Views
0
Helpful
4
Replies

Block an IP on the net

adrian.h
Level 1
Level 1

‎01-28-2004 12:16 PM - edited ‎03-09-2019 06:15 AM

I want to drop packets from a MyDoom infected IP on the net that is hammering our mail server. How can I go about doing this on a PIX w/ 6.1?

Thanks

Labels:
0 Helpful
4 Replies 4

tvanginneken
Level 4
Level 4

‎01-28-2004 01:44 PM

Hi,

since that IP on the Net is infected, I would not trust any kind of traffic coming from that IP. If you already have an access-list (ACL) on your outside interface, then add just this line (make sure you put this entry above the entry that allows the 'MyDoom' traffic to your mail server):

access-list deny ip any

Kind Regards,

Tom

0 Helpful

patrick.cannon
Level 1
Level 1

‎01-28-2004 05:47 PM

null route the smtp.

I had this problem and a spare nic in the pix. I routed the subnets that I disliked there. Problem resolved. It isn't particularly elegant but it particularly worked...

0 Helpful

ali-franks
Level 1
Level 1

‎01-29-2004 05:15 AM

As Tom mentioned, ACL's are one option , but the other is use:

shun x.x.x.x

HTH

Ali

0 Helpful

adrian.h
Level 1
Level 1
In response to ali-franks

‎01-29-2004 06:46 AM

Yeah, I should have noted its a 506 though :)

I will try this shun command. Thanks.

0 Helpful
Customers Also Viewed These Support Documents