Block IP Subnet from FTP attack

Unanswered Question
Jun 25th, 2009
User Badges:

Pix 501 I have a device that I 1 - 1 translate from a private to a public so it can be accessed by techs off site. There is someone with an FTP attack on this public IP. Is there a way to block this Subnet from accessing the device?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Thu, 06/25/2009 - 12:47
User Badges:
  • Purple, 4500 points or more

You bet. Let's assume they are coming from 75.50.95.72 /29 network.


access-list outside_access deny tcp 75.50.95.72 255.255.255.248 any eq ftp


You will need to put this above the permit FTP statement.

kwillacey Fri, 06/26/2009 - 10:08
User Badges:
  • Bronze, 100 points or more

Collin's way can work but what if the attacker changes their address. If possible you should get the IP addresses of the persons that are allowed to connect and change your access list to permit those addresses and block everything else.

Actions

This Discussion