Protecting a website & business

Answered Question
Aug 11th, 2008
User Badges:

So with scanning and syn attacks pretty much enabled, I'm left with one other detail of how to stop abusive scrappers, crawlers, etc. Has anyone been able to utilize the ASA to stop these type of activiaties? I'm currently doing it manually by reacting to an IP that begins to show up in the top 10 usage list. The abusers basically make obscene amount of HTTP requests and having the ASA automatically proactively detect a scrapper and block them would be great.


Anyone have insight on this?

Correct Answer by Farrukh Haroon about 8 years 11 months ago

Till version 4.x you could install signature updates without any license I think. But since Cisco got serious about writing signatures they started charging money for it (which is reasonable and done by all vendors). It takes a dedicated team to monitor the newest threats, then code a signature for it and then test it. And then tune it if customers complain :).


And yes to be able to keep up with the latest attacks you need signature updates. You can look at 'Snort' if cost is an issue.


Regards


Farrukh

Correct Answer by Collin Clark about 8 years 11 months ago

You could use an AIP (intrusion prevention) module in your ASA. You would probably have to create a custom signature, but that's not too hard.


http://www.cisco.com/en/US/products/ps6825/index.html


Hope that helps.

Correct Answer by Farrukh Haroon about 8 years 11 months ago

The approach you follow is the one commonly used. The bad-guys (bad robots) really don't follow any specific rules to setup an effective policy for them.


http://www.robotstxt.org/faq/prevent.html


http://www.robotstxt.org/faq/blockjustbad.html


Regards


Farrukh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.7 (3 ratings)
Loading.
netperception Tue, 08/12/2008 - 06:01
User Badges:

They mentioned on the phone that there is a contract that is included with the purchase. Sounds great. But once the service contract expires do I really need to continue paying them? Or can I create myself a signature file? Is a contract really required to maintain this expensive piece of hardware?

Correct Answer
Farrukh Haroon Tue, 08/12/2008 - 07:06
User Badges:
  • Red, 2250 points or more

Till version 4.x you could install signature updates without any license I think. But since Cisco got serious about writing signatures they started charging money for it (which is reasonable and done by all vendors). It takes a dedicated team to monitor the newest threats, then code a signature for it and then test it. And then tune it if customers complain :).


And yes to be able to keep up with the latest attacks you need signature updates. You can look at 'Snort' if cost is an issue.


Regards


Farrukh

Actions

This Discussion