Block IP Subnet from FTP attack

Unanswered Question
Jun 25th, 2009

Pix 501 I have a device that I 1 - 1 translate from a private to a public so it can be accessed by techs off site. There is someone with an FTP attack on this public IP. Is there a way to block this Subnet from accessing the device?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Thu, 06/25/2009 - 12:47

You bet. Let's assume they are coming from 75.50.95.72 /29 network.

access-list outside_access deny tcp 75.50.95.72 255.255.255.248 any eq ftp

You will need to put this above the permit FTP statement.

kwillacey Fri, 06/26/2009 - 10:08

Collin's way can work but what if the attacker changes their address. If possible you should get the IP addresses of the persons that are allowed to connect and change your access list to permit those addresses and block everything else.

Actions

This Discussion