Cisco Support Community

Protecting a website & business

So with scanning and SYN attacks pretty much enabled, I'm left with one other detail of how to stop abusive scrapers, crawlers, etc. Has anyone been able to utilize the ASA to stop these types of activities? I'm currently doing it manually by reacting to an IP that begins to show up in the top 10 usage list. The abusers basically make an obscene amount of HTTP requests, and having the ASA automatically and proactively detect a scraper and block them would be great.

Anyone have insight on this?

4 REPLIES

Re: Protecting a website & business

The approach you follow is the one commonly used. The bad guys (bad robots) really don't follow any specific rules to set up an effective policy for them.

http://www.robotstxt.org/faq/prevent.html

http://www.robotstxt.org/faq/blockjustbad.html

Regards

Farrukh

Re: Protecting a website & business

You could use an AIP (intrusion prevention) module in your ASA. You would probably have to create a custom signature, but that's not too hard.

http://www.cisco.com/en/US/products/ps6825/index.html

Hope that helps.

Re: Protecting a website & business

They mentioned on the phone that there is a contract that is included with the purchase. Sounds great. But once the service contract expires do I really need to continue paying them? Or can I create myself a signature file? Is a contract really required to maintain this expensive piece of hardware?

Re: Protecting a website & business

Till version 4.x you could install signature updates without any license, I think. But since Cisco got serious about writing signatures, they started charging money for it (which is reasonable and done by all vendors). It takes a dedicated team to monitor the newest threats, then code a signature for it and then test it. And then tune it if customers complain :).

And yes, to be able to keep up with the latest attacks you need signature updates. You can look at 'Snort' if cost is an issue.

Regards

Farrukh
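
The manual "top 10 usage list" review described in the original question can be automated from the web server's access log. The following is an added example, not part of the thread and not an ASA or AIP feature; it assumes Common Log Format lines with each client's requests in time order, and the function names, thresholds and sample addresses are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format prefix: client IP, identity, user, [timestamp]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def find_heavy_clients(lines, max_requests=100, window_seconds=10):
    """Return {ip: time the ip first exceeded max_requests within window_seconds}."""
    recent = defaultdict(deque)   # ip -> request times inside the sliding window
    offenders = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of failing
        ip, raw_ts = m.groups()
        try:
            ts = datetime.strptime(raw_ts, TS_FORMAT)
        except ValueError:
            continue              # unparseable timestamp
        q = recent[ip]
        q.append(ts)
        # Drop requests that have aged out of the window.
        while q and (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()
        if len(q) > max_requests and ip not in offenders:
            offenders[ip] = ts
    return offenders

def sample_log():
    """Constructed sample: one client at 20 req/s, one at 1 request per 5 s."""
    lines = []
    for i in range(60):           # 203.0.113.7: 20 requests per second for 3 s
        lines.append(f'203.0.113.7 - - [01/Jan/2024:12:00:{i // 20:02d} +0000] '
                     f'"GET /item/{i} HTTP/1.1" 200 512')
    for i in range(6):            # 198.51.100.4: one request every 5 s
        lines.append(f'198.51.100.4 - - [01/Jan/2024:12:00:{i * 5:02d} +0000] '
                     f'"GET /page/{i} HTTP/1.1" 200 2048')
    lines.append("garbage line that is not in log format")
    return lines

if __name__ == "__main__":
    for ip, when in find_heavy_clients(sample_log(), max_requests=30).items():
        print(f"{ip} exceeded 30 requests in 10 s at {when.isoformat()}")
```

The thresholds are placeholders: tune them against normal traffic and allow-list the crawlers you want before feeding the result into any block list.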
