07-14-2004 10:47 AM - edited 03-09-2019 08:04 AM
I'm interested in knowing how to automatically detect and block traffic that basically are scanning a range of ip address, or port. I've realised that a lot internet worms perform this scan, and it might be advantageous if the firewall or router can detect it and then block the ip from which it is coming.
07-15-2004 05:41 AM
I'm afraid that your question is a bit too broad for this particular forum, IMHO.
If you already have Cisco IDS and/or Cisco PIX Firewalls, then perhaps someone here may be able to offer specific advice to help you out but we'll need to know what equipment you have at your disposal.
The generic answer to your question though is quite simple:
Use a Cisco IDS to detect the activity and then use its ability to dynamically configure a PIX or router (known as a block) to stop this traffic from impacting your network.
07-16-2004 12:35 AM
Thanks
Using 3640 router running Firewall feature set, can it be done? and how
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide