How can I create the ability to block an IP based on traffic to a specific IP or port

wayneandersen
Level 1

Is it possible to have an unused IP address on my ASA, which when it receives traffic flags the source as a bad actor for the whole device?


It would work essentially like a spam trap for an email server, where anyone sending to that address clearly indicates a bad actor.

 

I would like to have that address automatically added to a list that is part of a ban filter.

I am sure I could cobble something together with SNMP and Expect in conjunction with a host on my network but was wondering if there was a more simple way to approach this before doing a ton of work on it.

 

Thank you for any ideas.

1 Reply

Chetankumar Phulpagare
Cisco Employee

You might want to take a look at the Botnet Filter feature on ASAs.

http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/white_paper_c11-532091.html

 

Regards,

Chetan
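
The trap-address idea from the question, as an added example that is not part of the original thread and not Cisco's code: it reads ASA ACL-deny syslog messages (106023) on a log host and lists sources that hit an unused address as `shun` commands for an operator to review. The decoy address, allowlist, hit threshold and log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumed values for illustration: the unused "trap" address and networks never to ban.
DECOY_IP = ipaddress.ip_address("203.0.113.10")
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]  # e.g. internal scanners
MIN_HITS = 2  # require repeats: the source of a denied packet can be spoofed

# ASA ACL-deny message 106023; the "/port" part is absent for ICMP.
DENY_RE = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>\S+) "
    r"src \S+?:(?P<src>[\d.]+)(?:/\d+)? "
    r"dst \S+?:(?P<dst>[\d.]+)(?:/\d+)?"
)

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
Mar 03 10:00:01 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.7/51514 dst inside:203.0.113.10/22 by access-group "outside_in" [0x0, 0x0]
Mar 03 10:00:04 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.7/51520 dst inside:203.0.113.10/23 by access-group "outside_in" [0x0, 0x0]
Mar 03 10:00:09 fw1 %ASA-4-106023: Deny icmp src outside:198.51.100.99 dst inside:203.0.113.10 (type 8, code 0) by access-group "outside_in" [0x0, 0x0]
Mar 03 10:00:12 fw1 %ASA-4-106023: Deny tcp src inside:192.0.2.15/40000 dst inside:203.0.113.10/443 by access-group "inside_in" [0x0, 0x0]
Mar 03 10:00:15 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.50/41000 dst inside:203.0.113.20/80 by access-group "outside_in" [0x0, 0x0]
Mar 03 10:00:18 fw1 %ASA-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.8/4000 (198.51.100.8/4000) to inside:203.0.113.20/80 (203.0.113.20/80)
"""

def trap_hits(log_text):
    """Count denied packets per source that were addressed to the decoy IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or ipaddress.ip_address(m["dst"]) != DECOY_IP:
            continue
        src = ipaddress.ip_address(m["src"])
        if not any(src in net for net in ALLOWLIST):
            hits[src] += 1
    return hits

def shun_candidates(log_text, min_hits=MIN_HITS):
    """Return ASA 'shun' commands for sources at or above the hit threshold."""
    hits = trap_hits(log_text)
    return [f"shun {ip}" for ip in sorted(hits) if hits[ip] >= min_hits]

if __name__ == "__main__":
    print("\n".join(shun_candidates(SAMPLE_LOG)))
```
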
