Hi team,

ASA Botnet filter (needs a license) can do it.

Do you have an IPS? You can put it inline or in promiscuous mode and get
further details on it.

 

 

 

 

    


 

 

From: [email protected]
[mailto:[email protected]] On Behalf Of Aaron
O'Conner
Sent: Monday, November 21, 2011 8:46 AM
To: parvez ahmad; FNK
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Protecting ASA Firewall

 

I would find out the IPs that the worm is trying to send data to, and
route those to 127.0.0.1 as FNK suggested.  That would take the load off
of the firewall.  If it's a Windows machine, use the built-in firewall
to deny traffic to those IPs.

 

Aaron

 

From: [email protected]
[mailto:[email protected]] On Behalf Of parvez
ahmad
Sent: Sunday, November 20, 2011 8:31 PM
To: FNK
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Protecting ASA Firewall

 

The PC is sending packets to multiple destination IPs (online zombies).

 

Regards,

Parvez

On Mon, Nov 21, 2011 at 1:29 AM, FNK <[email protected]> wrote:

Is there any layer 3 or router between the firewall and PC? If yes, then
put a null route for the destination of the SYN flood on the router.
The packet will never reach the firewall.


FNK



On Nov 20, 2011, at 12:24, parvez ahmad <[email protected]>
wrote:

> Hi All,
>
> We have a host that is compromised by a worm. That PC is sending a
> significant amount of traffic towards the firewall (SYN flood). Most of
> the packets are denied by the firewall, but it is consuming CPU and memory
> of the firewall. Due to the dependence of the vendor we can't disconnect
> the PC from the network.
>
> In this case I want my firewall to be stable; in other words, that
> firewall will not process any packet that is coming from that PC.
>
> Is there only one way to achieve this task, by using the command Shun (IP
> address of PC), or is there any other way as well?
>
> Thanks in advance.
>
> Regards,
> Parvez

> _______________________________________________
> For more information regarding industry leading CCIE Lab training,
> please visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com

 
