Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How to prevent attack from a remote host

Hi there,

I have attach a diagram of dmz setup using a cisco soho router, cisco IPS, cisco asa. I want to know how i can stop an attacker. currently from IPS i can block a host. But even i block the host from IPS, i still get alerts from that attacker IP address. I think its because even I block that attacker from IPS that attacker still can reach IPS interface before getting droped.This can still cause our hosted services to be down. So isit possible i can block the attacker IP address from the router and then IPS and at last from ASA? In this way there will be slight chance of success for that attacker. And our hosted services wont be down.

IF so how can i add a rule to block a attacker ip address on cisco soho 78 router and then ASA?

2 REPLIES
Cisco Employee

Re: How to prevent attack from a remote host

If you're positive it's an attack you can contact your ISP to blackhole the traffic on their edge.

If you want you can filter that IP on most modern router with simple access-list on interface - access-group as it's called in Cisco world.

How it's done on SOHO routers ... well ...

http://www.cisco.com/en/US/docs/routers/access/800/820/software/configuration/guide/routconf.html

Cisco Employee

Re: How to prevent attack from a remote host

Hello,

Marcin is right, also you can use the shun command on the ASA firewall if the host is already identified.

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s8_72.html#wp1205547

If not identified you can use an MPF on the ASA firewall or an IOS inspect policy on the router to identify Embryoninc connections for possible attacks.

Hope this helps.

Mike

Mike
448
Views
0
Helpful
2
Replies