I have identified a few malicious IPs that are constantly hammering our web server. To block them, I create an access rule for the outside interface: source IP is the malicious IP, destination is any, service is tcp-udp 1-65535, action is deny. Is this a proper way to block a malicious IP? I have been given the impression that they are more complicated and that it's not done properly.
If you use "deny ip", that covers all the TCP/UDP ports + ICMP etc.
Bear in mind that it is easy to spoof a source IP address, so if you are going to block IP addresses, be careful that you are sure you want to block them; otherwise you could end up denying access to your web server from valid clients.
Hmmmm... I see. I understand. What would the process of banning someone look like, then? What I'm going by is: when I see xx packets from an IP in the top usage chart, I look that up in the access log, and if it looks bad, I am now banning the IP by 'deny IP'.
Secondly, do you know how to exclude some IPs from the Top Usage chart? Or do you know how I can view a large usage list? Maybe using the CLI?
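The review step described in this thread (a busy source IP, checked against the access log, then a "deny ip" rule) can be scripted so that known-good sources are excluded before any rule is written. The following is an added example, not code from any poster or from Cisco; the log format (web server common log format), the thresholds, the allowlist and the ACL name `outside_access_in` are all assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in common log format; all addresses are documentation ranges.
SAMPLE_LOG = "\n".join(
    ['203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /login HTTP/1.1" 401 162'] * 4
    + ['198.51.100.20 - - [10/Oct/2023:13:55:02 +0000] "GET / HTTP/1.1" 200 5120'] * 3
    + ['192.0.2.50 - - [10/Oct/2023:13:55:03 +0000] "GET /health HTTP/1.1" 404 0'] * 5
    + ['203.0.113.99 - - [10/Oct/2023:13:55:04 +0000] "GET /x HTTP/1.1" 404 0']
)

# client IP, ident, user, [timestamp], "request", 3-digit status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')


def block_candidates(log_text, allowlist=(), min_requests=3, min_error_ratio=0.8):
    """Return source IPs that are both busy and mostly producing 4xx/5xx responses.

    Sources inside an allowlisted network (partners, monitoring, your own
    ranges) are never returned, so a valid client is not denied by mistake.
    """
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    total, errors = Counter(), Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the assumed format
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # first field was a hostname or garbage
        if any(ip in net for net in allowed):
            continue
        total[ip] += 1
        if match.group(2)[0] in "45":
            errors[ip] += 1
    return sorted(
        str(ip) for ip, count in total.items()
        if count >= min_requests and errors[ip] / count >= min_error_ratio
    )


def acl_lines(ips, acl_name="outside_access_in"):
    """Render ASA 'deny ip' entries for review; acl_name is an assumed ACL name."""
    return [f"access-list {acl_name} extended deny ip host {ip} any" for ip in ips]


if __name__ == "__main__":
    print("\n".join(acl_lines(block_candidates(SAMPLE_LOG, ["192.0.2.0/24"]))))
```

The output is a list of rules for a person to review and apply, not something to push to the firewall automatically.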