I would find out the IPs that the worm is trying to send data to, and route those to 127.0.0.1 as suggested FNK. That would take the load off of the firewall. If it's a Windows machine, use the built in firewall to deny traffic to those IPs.
Aaron From: [email protected] [mailto:[email protected]] On Behalf Of parvez ahmad Sent: Sunday, November 20, 2011 8:31 PM To: FNK Cc: [email protected] Subject: Re: [OSL | CCIE_Security] Protecting ASA Firewall PC is sending packet to multiple destination IPs(online zombies). Regards, Parvez On Mon, Nov 21, 2011 at 1:29 AM, FNK <[email protected]<mailto:[email protected]>> wrote: Is there any layer 3 or router between the firewall and pc? If yes then put a null route for the destination of the syn flood on the router. The Packet will never reach the firewall FNK Sent from an iPhone On Nov 20, 2011, at 12:24, parvez ahmad <[email protected]<mailto:[email protected]>> wrote: > Hi All, > > We have host that is compromised by worm. That PC is sending significant > amount of traffic towards the firewall(Syn Flood). Most of the packets are > denied by firewall. But it is consuming CPU and Memory of the firewall. Due > the dependence of the vendor we can't disconnect the PC from the network. > > In this case i want my firewall to stable, In other words that firewall will > not process any packet that is coming from that PC. > > There is only one way to achieve this task by using command Shun(IP address > of PC). or there is any other way as well. > > Thanks in advance. > > Regards, > Parvez > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com<http://www.ipexpert.com> > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com<http://www.PlatinumPlacement.com>
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
