Thanks to all for your valuable input.
Hi Kamran, Firewall is running on 8.2, but we don't have license for botnet filter. Hi Fawad, we are managing firewall remotely, the host is in the inside of the firewall. There is only L2 switch to connect to firewall. we are authorized to do changes on firewall. Hi Aaron, I observe that in 5 sec, host is sending packet to around 500 online botnet. It is not possible to put acl for each. Hi Piotr, Pc is sending syn flood, udp flood and icmp flood as well. Regards, Parvez On Mon, Nov 21, 2011 at 12:22 PM, Piotr Matusiak <[email protected]> wrote: > Hi, > > What about denying this host in inbound ACL on Inside interface? Another > option would be setting embryonic connections to 0 for that host. > > Regards, > Piotr > > > 2011/11/20 parvez ahmad <[email protected]> > >> Hi All, >> >> We have host that is compromised by worm. That PC is sending significant >> amount of traffic towards the firewall(Syn Flood). Most of the packets are >> denied by firewall. But it is consuming CPU and Memory of the firewall. Due >> the dependence of the vendor we can't disconnect the PC from the network. >> >> In this case i want my firewall to stable, In other words that firewall >> will not process any packet that is coming from that PC. >> >> There is only one way to achieve this task by using command Shun(IP >> address of PC). or there is any other way as well. >> >> Thanks in advance. >> >> Regards, >> Parvez >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com <http://www.platinumplacement.com/> >> > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
