Botnet License is for Cisco ASA and not for IPS . http://www.cisco.com/en/US/prod/vpndevc/ps6032/ps6094/ps6120/botnet_index.html HTH
Date: Tue, 22 Nov 2011 18:57:49 -0500 From: [email protected] To: [email protected] CC: [email protected] Subject: Re: [OSL | CCIE_Security] Protecting ASA Firewall Isn't Botnet license available for Asa only ? On Tuesday, November 22, 2011, Mark Senteza <[email protected]> wrote: > Kamran, > > Are you talking about a license just to turn on Botnet filters on the > IPS module for the ASA (AIP-SSM)? I was not aware about this, but want > to be sure thats what you are talking about, as I have a client with a > recent ASA IPS Module deployment and they're looking at turning on > various signatures as need be. > > Mark > > CCIE#30234 (Security) > > > On 11/20/11, Kamran Shakil <[email protected]> wrote: >> Hi team : >> >> >> >> ASA Botnet filter (need license) can do it , >> >> >> >> Do you have IPS, you can put it inline or in promiscuous mode and get >> further details on it . >> >> >> >> >> >> >> >> >> >> >> >> Mobile : 00 968 9808 4652 >> >> Office : 00 968 2416 1111 >> >> MidEast Data Systems LLC Oman >> >> "MDS OMAN" is a Part of The Midis Group >> >> >> >> Office Location/Address : >> >> Knowledge Oasis Muscat (KOM), >> Rusayl-KOM 4, 6th Floor, >> Office No. 0406Z1, >> PO BOX:198 , PC:112 >> www.midisgroup.com <http://www.midisgroup.com/> >> >> >> >> >> >> >> >> This e-mail contains confidential information belonging to the issuing >> party and is intended solely for the addressees. The unauthorized >> disclosure, use, dissemination or copying (either whole or partial) of >> this e-mail, or any information it contains, is prohibited. E-mails are >> susceptible to alteration and their integrity cannot be guaranteed. The >> issuing party shall not be liable for this e-mail if modified or >> falsified. >> >> >> >> <http://www.linkedin.com/in/kamranshakil> >> >> >> >> >> >> From: [email protected] >> [mailto:[email protected]] On Behalf Of Aaron >> O'Conner >> Sent: Monday, November 21, 2011 8:46 AM >> To: parvez ahmad; FNK >> Cc: [email protected] >> Subject: Re: [OSL | CCIE_Security] Protecting ASA Firewall >> >> >> >> I would find out the IPs that the worm is trying to send data to, and >> route those to 127.0.0.1 as suggested FNK. That would take the load off >> of the firewall. If it's a Windows machine, use the built in firewall >> to deny traffic to those IPs. >> >> >> >> Aaron >> >> >> >> From: [email protected] >> [mailto:[email protected]] On Behalf Of parvez >> ahmad >> Sent: Sunday, November 20, 2011 8:31 PM >> To: FNK >> Cc: [email protected] >> Subject: Re: [OSL | CCIE_Security] Protecting ASA Firewall >> >> >> >> PC is sending packet to multiple destination IPs(online zombies). >> >> >> >> Regards, >> >> Parvez >> >> On Mon, Nov 21, 2011 at 1:29 AM, FNK <[email protected]> wrote: >> >> Is there any layer 3 or router between the firewall and pc? If yes then >> put a null route for the destination of the syn flood on the router. >> The Packet will never reach the firewall >> >> >> FNK >> Sent from an iPhone >> >> >> >> On Nov 20, 2011, at 12:24, parvez ahmad <[email protected]> >> wrote: >> >>> Hi All, >>> >>> We have host that is compromised by worm. That PC is sending >> significant amount of traffic towards the firewall(Syn Flood). Most of >> the packets are denied by firewall. But it is consuming CPU and Memory >> of the firewall. Due the dependence of the vendor we can't disconnect >> the PC from the network. >>> >>> In this case i want my firewall to stable, In other words that >> firewall will not process any packet that is coming from that PC. >>> >>> There is only one way to achieve this task by using command Shun(IP >> address of PC). or there is any other way as well. >>> >>> Thanks in advance. >>> >>> Regards, >>> Parvez >> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, >> please visit www.ipexpert.com >>> >>> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> >> >> > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > -- FNK _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
