Could you identify more precisely what DDoS attack it is? is it sourced
from server real address? If those are spoofed source IP addresses you
could filter on them.
A.
On 7/1/2012 12:10 AM, Parvez Ahmad wrote:
Hi,
A server has been compromised and sending malicious traffic towards
the zombies (DDOS) Attack(Thousands of connection), This host is
behind the ASA.
Due to some constraint, The server can not be unpluged form the
network. It is taking high CPU and RAM of ASA and legitimate
connections getting delay.
Adminstrator run the the below two commands to protect ASA/Drop the
connection.
1. Shun....IP Address of server.
2. Deny ACL(Source- compromised host and destination- ANY)
3. MPF with "Set connection"
Is there any way to protect the ASA infrastucture from this type of
attack?If not, Let us know with method is best among the above 3 options.
Regards,
Parvez
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com
