Kamran, Are you talking about a license just to turn on Botnet filters on the IPS module for the ASA (AIP-SSM)? I was not aware about this, but want to be sure thats what you are talking about, as I have a client with a recent ASA IPS Module deployment and they're looking at turning on various signatures as need be.
Mark CCIE#30234 (Security) On 11/20/11, Kamran Shakil <[email protected]> wrote: > Hi team : > > > > ASA Botnet filter (need license) can do it , > > > > Do you have IPS, you can put it inline or in promiscuous mode and get > further details on it . > > > > > > > > > > > > Mobile : 00 968 9808 4652 > > Office : 00 968 2416 1111 > > MidEast Data Systems LLC Oman > > "MDS OMAN" is a Part of The Midis Group > > > > Office Location/Address : > > Knowledge Oasis Muscat (KOM), > Rusayl-KOM 4, 6th Floor, > Office No. 0406Z1, > PO BOX:198 , PC:112 > www.midisgroup.com <http://www.midisgroup.com/> > > > > > > > > This e-mail contains confidential information belonging to the issuing > party and is intended solely for the addressees. The unauthorized > disclosure, use, dissemination or copying (either whole or partial) of > this e-mail, or any information it contains, is prohibited. E-mails are > susceptible to alteration and their integrity cannot be guaranteed. The > issuing party shall not be liable for this e-mail if modified or > falsified. > > > > <http://www.linkedin.com/in/kamranshakil> > > > > > > From: [email protected] > [mailto:[email protected]] On Behalf Of Aaron > O'Conner > Sent: Monday, November 21, 2011 8:46 AM > To: parvez ahmad; FNK > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Protecting ASA Firewall > > > > I would find out the IPs that the worm is trying to send data to, and > route those to 127.0.0.1 as suggested FNK. That would take the load off > of the firewall. If it's a Windows machine, use the built in firewall > to deny traffic to those IPs. > > > > Aaron > > > > From: [email protected] > [mailto:[email protected]] On Behalf Of parvez > ahmad > Sent: Sunday, November 20, 2011 8:31 PM > To: FNK > Cc: [email protected] > Subject: Re: [OSL | CCIE_Security] Protecting ASA Firewall > > > > PC is sending packet to multiple destination IPs(online zombies). > > > > Regards, > > Parvez > > On Mon, Nov 21, 2011 at 1:29 AM, FNK <[email protected]> wrote: > > Is there any layer 3 or router between the firewall and pc? If yes then > put a null route for the destination of the syn flood on the router. > The Packet will never reach the firewall > > > FNK > Sent from an iPhone > > > > On Nov 20, 2011, at 12:24, parvez ahmad <[email protected]> > wrote: > >> Hi All, >> >> We have host that is compromised by worm. That PC is sending > significant amount of traffic towards the firewall(Syn Flood). Most of > the packets are denied by firewall. But it is consuming CPU and Memory > of the firewall. Due the dependence of the vendor we can't disconnect > the PC from the network. >> >> In this case i want my firewall to stable, In other words that > firewall will not process any packet that is coming from that PC. >> >> There is only one way to achieve this task by using command Shun(IP > address of PC). or there is any other way as well. >> >> Thanks in advance. >> >> Regards, >> Parvez > >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, > please visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > > > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
