04-06-2010 11:59 PM - edited 03-11-2019 10:29 AM
Hi all, I face a big problem: continuing attacks from the outside into my network. We identified the public IP but can't recognise it. So please help me out with how I can prevent this attack. I appreciate your comments.
04-07-2010 06:25 AM
Hi,
If you have identified the public IP of the attacker (and it's only that IP), one option is to shun or block that IP.
Depending on the device that you have for protection, you can use the shun command or an ACL.
Federico.
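One way to check the condition in the reply above (that the traffic really comes from only that IP) before blocking, as an added example that is not part of the original thread. The log lines are constructed samples modelled on ASA deny syslog messages, and the ACL name `OUTSIDE_IN`, the 75% threshold and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (documentation addresses), modelled on ASA deny messages.
SAMPLE_LOG = """\
Apr 06 2010 23:41:02: %ASA-4-106023: Deny tcp src outside:203.0.113.50/40211 dst inside:192.0.2.10/22 by access-group "OUTSIDE_IN"
Apr 06 2010 23:41:03: %ASA-4-106023: Deny tcp src outside:203.0.113.50/40212 dst inside:192.0.2.10/23 by access-group "OUTSIDE_IN"
Apr 06 2010 23:41:03: %ASA-4-106023: Deny udp src outside:198.51.100.7/5353 dst inside:192.0.2.11/161 by access-group "OUTSIDE_IN"
Apr 06 2010 23:41:04: %ASA-4-106023: Deny tcp src outside:203.0.113.50/40213 dst inside:192.0.2.10/3389 by access-group "OUTSIDE_IN"
Apr 06 2010 23:41:05: %ASA-4-106023: Deny tcp src outside:203.0.113.50/40214 dst inside:192.0.2.12/445 by access-group "OUTSIDE_IN"
"""

# Matches TCP/UDP deny lines that carry "src <interface>:<ip>/<port>".
DENY_RE = re.compile(r"Deny \w+ src \w+:(?P<src>[0-9.]+)/\d+ dst ")

def count_denied_sources(log_text):
    """Count denied connections per source IP; lines that do not parse are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        match = DENY_RE.search(line)
        if not match:
            continue
        try:
            counts[str(ipaddress.ip_address(match.group("src")))] += 1
        except ValueError:
            continue  # malformed address, ignore the line
    return counts

def dominant_source(counts, min_share=0.75):
    """Return the source IP if it accounts for at least min_share of denies, else None."""
    total = sum(counts.values())
    if total == 0:
        return None
    ip, hits = counts.most_common(1)[0]
    return ip if hits / total >= min_share else None

def block_commands(ip, acl_name="OUTSIDE_IN"):
    """Build the two options from the reply: a shun, or an ACL entry placed first."""
    return [f"shun {ip}",
            f"access-list {acl_name} line 1 extended deny ip host {ip} any"]

if __name__ == "__main__":
    source = dominant_source(count_denied_sources(SAMPLE_LOG))
    if source is None:
        print("No single dominant source; blocking one IP will not be enough.")
    else:
        print("\n".join(block_commands(source)))
```

If no single source dominates, a per-IP shun or ACL entry will not stop the traffic, and upstream filtering is the better option.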
04-07-2010 07:43 AM
Also, you can use whois services from ARIN's and RIPE's websites to get more info on who the attacker is.
You want to block the attack as close to the source as possible, so blocking him on your upstream router or asking your ISP to do it would be the best thing to do.
I hope it helps.
PK
04-07-2010 08:25 AM
Arup,
Most ISPs have an RTBH setup already in place: http://ciscosystems.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf
Just call them and give them the public IP that is sending this malicious traffic and they will route it to null. You won't even see these IPs hitting your outside interface.
-KS