Cisco ASA - Shun IPs/Auto update/Threatstop/Dshield

trippi
Level 1

Anyone using a service such as Threatstop to automatically update their SHUN rules to block the top x offending source IPs? If so, comments, suggestions?

1 Reply

carenas123
Level 5

The shun command allows you to apply a blocking function to the interface receiving the attack. Packets containing the IP source address of the attacking host are dropped and logged until the blocking function is removed manually or by the Cisco IPS master module. No traffic from the IP source address is allowed to traverse the security appliance. Any remaining connections time out as part of the normal architecture. The blocking function of the shun command is applied whether or not a connection with the specified host address is currently active.

If you use the shun command only with the source IP address of the host, then the default is 0. No further traffic from the offending host is allowed.
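The automatic update asked about above comes down to reconciling a ranked feed against the shuns already pushed. The sketch below is an added example, not part of the thread and not any vendor's tooling; it emits only `shun <ip>` and `no shun <ip>` lines. The feed format (one IPv4 address per line, worst first), the `NEVER_SHUN` ranges, and the function names are assumptions.

```python
import ipaddress

# Constructed sample feed (documentation addresses), assumed ranked worst first.
SAMPLE_FEED = """\
# one IPv4 address per line
203.0.113.10
198.51.100.7
198.51.100.7
10.0.0.5
192.0.2.44
not-an-ip
203.0.113.99
"""

# Networks that must never be shunned: RFC 1918 space plus a constructed
# range standing in for management hosts and partners.
NEVER_SHUN = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "192.0.2.0/24"]


def parse_feed(text):
    """Return unique, valid IPv4 addresses in feed order; skip junk lines."""
    seen, result = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        try:
            ip = ipaddress.IPv4Address(entry)
        except ValueError:
            continue  # blank line, comment, hostname, or malformed address
        if ip not in seen:
            seen.add(ip)
            result.append(ip)
    return result


def plan_shun_changes(feed_text, managed, never_shun=NEVER_SHUN, top_n=3):
    """Return (add, remove) lists of ASA commands.

    managed: addresses this job shunned on earlier runs. Shuns placed by an
    operator or an IPS are not in it, so they are never removed here.
    """
    protected = [ipaddress.ip_network(n) for n in never_shun]
    wanted = [ip for ip in parse_feed(feed_text)
              if not any(ip in net for net in protected)][:top_n]
    managed = {ipaddress.IPv4Address(a) for a in managed}
    add = [f"shun {ip}" for ip in wanted if ip not in managed]
    remove = [f"no shun {ip}" for ip in sorted(managed - set(wanted))]
    return add, remove
```

Review the generated commands before applying them, and persist the managed set between runs so that stale entries age out without touching shuns someone else placed.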
