Protecting a website & business

netperception
Level 1

So with scanning and SYN attacks pretty much enabled, I'm left with one other detail of how to stop abusive scrapers, crawlers, etc. Has anyone been able to utilize the ASA to stop these types of activities? I'm currently doing it manually by reacting to an IP that begins to show up in the top 10 usage list. The abusers basically make an obscene amount of HTTP requests, and having the ASA automatically proactively detect a scraper and block them would be great.

Anyone have insight on this?


Farrukh Haroon
VIP Alumni

The approach you follow is the one commonly used. The bad guys (bad robots) really don't follow any specific rules to set up an effective policy for them.

http://www.robotstxt.org/faq/prevent.html

http://www.robotstxt.org/faq/blockjustbad.html

Regards

Farrukh

You could use an AIP (intrusion prevention) module in your ASA. You would probably have to create a custom signature, but that's not too hard.

http://www.cisco.com/en/US/products/ps6825/index.html

Hope that helps.

They mentioned on the phone that there is a contract that is included with the purchase. Sounds great. But once the service contract expires, do I really need to continue paying them? Or can I create a signature file myself? Is a contract really required to maintain this expensive piece of hardware?

Till version 4.x you could install signature updates without any license, I think. But since Cisco got serious about writing signatures, they started charging money for it (which is reasonable and done by all vendors). It takes a dedicated team to monitor the newest threats, then code a signature for it and then test it. And then tune it if customers complain :).

And yes, to be able to keep up with the latest attacks you need signature updates. You can look at 'Snort' if cost is an issue.

Regards

Farrukh
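
The manual process described in the question (reacting to an IP that climbs into the top usage list) can be approximated with a per-source sliding-window counter over web server access logs. This is an added example, not code from any poster in this thread and not an ASA feature; the Common Log Format input, the thresholds, the documentation-range addresses and all function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client IP, ident, user, [timestamp], "METHOD path ..."
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_abusive_clients(lines, max_requests=20, window_seconds=10, allowlist=()):
    """Return {ip: peak_count} for clients that exceed max_requests
    inside any sliding window. Lines must be in time order per client."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip malformed lines rather than fail
        ip = m.group(1)
        if ip in allowlist:       # known monitors and wanted crawlers
            continue
        ts = datetime.strptime(m.group(2), TS_FMT)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # expire requests older than the window
            q.popleft()
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def sample_log():
    """Constructed sample: one scraper, one normal visitor, one monitor."""
    base = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)
    def entry(ip, offset, path):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
    lines = [entry("203.0.113.50", i // 10, f"/item/{i}") for i in range(60)]
    lines += [entry("198.51.100.7", i * 10, "/index.html") for i in range(5)]
    lines += [entry("192.0.2.10", i // 10, "/health") for i in range(40)]
    return lines

if __name__ == "__main__":
    flagged = find_abusive_clients(sample_log(), allowlist={"192.0.2.10"})
    for ip, peak in sorted(flagged.items(), key=lambda kv: -kv[1]):
        print(f"{ip} peaked at {peak} requests in 10s: candidate for blocking")
```

The allowlist matters here: a health checker or a search crawler you want can look just like a scraper by request rate alone, so flagged addresses are best reviewed before they are blocked.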
