cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
514
Views
0
Helpful
3
Replies

hacker attacks

Arup Dutta
Level 1
Level 1

Hi All,          i face a big problem that are continuing attack from the outside into my network. we identified that public ip but cant recognises it. so please hep me out how i can prevent this attacking.  i appreciate you comments

3 Replies 3

Hi,

If you have identified the public IP of the attacker (and it's only that IP), one option is to shun or block that IP.

Depending on the device that you have for protection, you can use the shun command or an ACL.

Federico.

Also you can use whois services from arin's and ripe's websites to get more info on who the attacker is.

You want to block the attack as close to the source as possible, so blocking him on your upstream router or asking you ISP to do it would be the best thing to do.

I hope it helps.

PK

Arup,

Most ISPs have an RTBH setup already in place: http://ciscosystems.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper0900aecd80313fac.pdf

Just call them and give them the public IP that is sending this malicious traffic and they will route it to null. You won't even see these IPs hitting your outisde interface.

-KS

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: