08-11-2008 06:48 AM - edited 03-11-2019 06:29 AM
So with scanning and syn attacks pretty much enabled, I'm left with one other detail of how to stop abusive scrappers, crawlers, etc. Has anyone been able to utilize the ASA to stop these type of activiaties? I'm currently doing it manually by reacting to an IP that begins to show up in the top 10 usage list. The abusers basically make obscene amount of HTTP requests and having the ASA automatically proactively detect a scrapper and block them would be great.
Anyone have insight on this?
Solved! Go to Solution.
08-11-2008 06:20 PM
The approach you follow is the one commonly used. The bad-guys (bad robots) really don't follow any specific rules to setup an effective policy for them.
http://www.robotstxt.org/faq/prevent.html
http://www.robotstxt.org/faq/blockjustbad.html
Regards
Farrukh
08-12-2008 05:22 AM
You could use an AIP (intrusion prevention) module in your ASA. You would probably have to create a custom signature, but that's not too hard.
http://www.cisco.com/en/US/products/ps6825/index.html
Hope that helps.
08-12-2008 07:06 AM
Till version 4.x you could install signature updates without any license I think. But since Cisco got serious about writing signatures they started charging money for it (which is reasonable and done by all vendors). It takes a dedicated team to monitor the newest threats, then code a signature for it and then test it. And then tune it if customers complain :).
And yes to be able to keep up with the latest attacks you need signature updates. You can look at 'Snort' if cost is an issue.
Regards
Farrukh
08-11-2008 06:20 PM
The approach you follow is the one commonly used. The bad-guys (bad robots) really don't follow any specific rules to setup an effective policy for them.
http://www.robotstxt.org/faq/prevent.html
http://www.robotstxt.org/faq/blockjustbad.html
Regards
Farrukh
08-12-2008 05:22 AM
You could use an AIP (intrusion prevention) module in your ASA. You would probably have to create a custom signature, but that's not too hard.
http://www.cisco.com/en/US/products/ps6825/index.html
Hope that helps.
08-12-2008 06:01 AM
They mentioned on the phone that there is a contract that is included with the purchase. Sounds great. But once the service contract expires do I really need to continue paying them? Or can I create myself a signature file? Is a contract really required to maintain this expensive piece of hardware?
08-12-2008 07:06 AM
Till version 4.x you could install signature updates without any license I think. But since Cisco got serious about writing signatures they started charging money for it (which is reasonable and done by all vendors). It takes a dedicated team to monitor the newest threats, then code a signature for it and then test it. And then tune it if customers complain :).
And yes to be able to keep up with the latest attacks you need signature updates. You can look at 'Snort' if cost is an issue.
Regards
Farrukh
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: