Block IP Subnet from FTP attack

Unanswered Question
Jun 25th, 2009
User Badges:

Pix 501 I have a device that I 1 - 1 translate from a private to a public so it can be accessed by techs off site. There is someone with an FTP attack on this public IP. Is there a way to block this Subnet from accessing the device?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Collin Clark Thu, 06/25/2009 - 12:47
User Badges:
  • Purple, 4500 points or more

You bet. Let's assume they are coming from /29 network.

access-list outside_access deny tcp any eq ftp

You will need to put this above the permit FTP statement.

kwillacey Fri, 06/26/2009 - 10:08
User Badges:
  • Bronze, 100 points or more

Collin's way can work but what if the attacker changes their address. If possible you should get the IP addresses of the persons that are allowed to connect and change your access list to permit those addresses and block everything else.


This Discussion