Cisco ASA - Shun IPs/Auto update/Threatstop/Dshield

Anyone using a service such as Threatstop to automatically update their SHUN rules to block the top x offending source IPs? If so, comments, suggestions?

Re: Cisco ASA - Shun IPs/Auto update/Threatstop/Dshield

The shun command allows you to apply a blocking function to the interface receiving the attack. Packets containing the IP source address of the attacking host are dropped and logged until the blocking function is removed manually or by the Cisco IPS master module. No traffic from the IP source address is allowed to traverse the security appliance. Any remaining connections time out as part of the normal architecture. The blocking function of the shun command is applied whether or not a connection with the specified host address is currently active.

If you use the shun command only with the source IP address of the host, then the default is 0. No further traffic from the offending host is allowed.

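The following script is an added example for this thread, not code from Cisco, ThreatStop or DShield. It shows the mechanics the question asks about: take a ranked block list, validate it, compare it with the ASA's current shun table, and emit the `shun` / `no shun` commands that bring the two in line. The feed format is an assumption (one IPv4 address per line, worst offender first, `#` comments, trailing count columns ignored), the feed and `show shun` contents are constructed samples, and the `ALLOWLIST` / `NEVER_SHUN` / `managed` names are this example's own. Two practical caveats it builds in: a poisoned or careless feed must never be allowed to shun your own address space, and a blind diff would remove shuns an administrator or IPS added by hand during an incident, so removals can be limited to addresses the script itself manages. Delivery of the commands to the box (ssh, ASDM, an expect script) is left to the caller; note also that shun entries are dynamic state rather than configuration, so they are not saved by `write memory` and the job has to re-push them after a reload.

```python
"""Turn a block-list feed into ASA 'shun' / 'no shun' commands.

Added example for this thread, not code from Cisco or ThreatStop. It assumes:
  * the feed is plain text, one IPv4 address per line, '#' comments allowed,
    extra whitespace-separated columns (counts) ignored, ordered worst-first;
  * the current shun table was captured verbatim from 'show shun';
  * delivery of the commands to the ASA (ssh, ASDM, etc.) is done elsewhere.
"""
import ipaddress
import re

# Constructed sample feed (documentation addresses, not real attackers).
SAMPLE_FEED = """\
# top offending sources, worst first (constructed sample)
203.0.113.10\t1523\t42
203.0.113.10\t1523\t42
198.51.100.7\t911\t17
10.0.0.5\t500\t3
192.0.2.250\t120\t2
not-an-ip
2001:db8::1\t5\t1
"""

# Constructed 'show shun' capture. Real lines look like
# "shun (outside) 203.0.113.10 0.0.0.0 0 0 0".
SAMPLE_SHOW_SHUN = """\
shun (outside) 203.0.113.10 0.0.0.0 0 0 0
shun (outside) 192.0.2.99 0.0.0.0 0 0 0
"""

# Assumed: our own hosts that must never be shunned, whatever the feed says.
ALLOWLIST = {"192.0.2.250"}

# Never shun these even if a poisoned feed lists them: shunning an internal
# range, link-local or multicast space would be a self-inflicted outage.
NEVER_SHUN = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

SHUN_LINE = re.compile(r"^shun\s+\((\S+)\)\s+(\S+)")


def parse_feed(text, allowlist=ALLOWLIST):
    """Return the feed's shun-worthy IPv4 addresses, deduplicated, feed order kept."""
    wanted = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ip = ipaddress.ip_address(line.split()[0])
        except ValueError:
            continue                      # garbage line: skip it, don't abort
        if ip.version != 4:               # assumption: IPv4 feed only
            continue
        if any(ip in net for net in NEVER_SHUN) or str(ip) in allowlist:
            continue
        wanted.setdefault(str(ip), True)  # dict keeps first-seen order
    return list(wanted)


def parse_show_shun(text):
    """Map shunned address -> interface from 'show shun' output."""
    current = {}
    for line in text.splitlines():
        m = SHUN_LINE.match(line.strip())
        if m:
            current[m.group(2)] = m.group(1)
    return current


def build_commands(wanted, current, managed=None, max_entries=500):
    """Return CLI lines that bring the shun table in line with the feed.

    wanted:   ordered list from parse_feed(); only the first max_entries are
              kept, so the feed's ranking decides who stays under the cap.
    current:  dict from parse_show_shun().
    managed:  if given, only addresses in this set are ever removed, so shuns
              added by hand (or by an IPS) during an incident survive.
    """
    keep = wanted[:max_entries]
    target = set(keep)
    removable = set(current) if managed is None else set(current) & set(managed)
    cmds = ["no shun %s" % ip for ip in sorted(removable - target)]
    cmds += ["shun %s" % ip for ip in keep if ip not in current]
    return cmds


if __name__ == "__main__":
    feed = parse_feed(SAMPLE_FEED)
    table = parse_show_shun(SAMPLE_SHOW_SHUN)
    for cmd in build_commands(feed, table):
        print(cmd)
```

Run against the constructed samples it prints `no shun 192.0.2.99` (no longer on the feed) and `shun 198.51.100.7` (new), while the duplicate, the RFC 1918 address, the allow-listed host, the junk line and the IPv6 entry are all dropped. Pass the set of addresses pushed on the previous run as `managed` if the box also carries manual or IPS-created shuns, and keep `max_entries` modest: every shun is a per-host drop rule evaluated on the inbound interface, and a feed of tens of thousands of entries is a job for an access list or an external block-list mechanism rather than the shun table.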