Hi,

The source is the compromised server. It is sending the traffic (ICMP, TCP and UDP flood) towards the public IPs (online bots).

The ASA is running version 8.3 but does not have the bot license.

Regards,
Parvez

On Sun, Jul 1, 2012 at 4:54 AM, Alexei Monastyrnyi <[email protected]> wrote:

> Could you identify more precisely what DDoS attack it is? Is it sourced
> from the server's real address? If those are spoofed source IP addresses you
> could filter on them.
>
> A.
>
> On 7/1/2012 12:10 AM, Parvez Ahmad wrote:
>
> > Hi,
> >
> > A server has been compromised and is sending malicious traffic towards the
> > zombies (DDoS attack, thousands of connections). This host is behind the ASA.
> >
> > Due to some constraint, the server cannot be unplugged from the network.
> > It is consuming high CPU and RAM on the ASA, and legitimate connections are
> > getting delayed.
> >
> > The administrator ran the below two commands to protect the ASA / drop the
> > connections.
> >
> > 1. Shun....IP Address of server.
> > 2. Deny ACL (source: compromised host, destination: ANY)
> > 3. MPF with "Set connection"
> >
> > Is there any way to protect the ASA infrastructure from this type of
> > attack? If not, let us know which method is best among the above 3 options.
> >
> > Regards,
> > Parvez
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
