Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
292
Views
0
Helpful
1
Replies

Under Attack. IP spoof

imranraheel
Level 1
Level 1

‎03-06-2014 10:56 AM - edited ‎03-11-2019 08:54 PM

I have a Cisco ASA 5520 , today a strange thing happened when we were attacked by an IP 64.62.238.46. Below are the logs from ASA

<138>Mar 06 2014 13:52:20 ASA : %ASA-2-106016: Deny IP spoof from (226.181.118.151) to 64.62.238.46 on interface inside

The Specified IP doesnt belong to us or any inside IP.

I have blocked this IP inbound/outbound and i can see the logs , but CPU is still high.

What can I do here

Labels:
0 Helpful
1 Reply 1

johnlloyd_13
Level 9
Level 9

‎03-06-2014 05:47 PM

Hi,

You can use the 'shun' command from ASA privileged EXEC mode to manually block the attacking IP:

# shun 64.62.238.46

Sent from Cisco Technical Support iPhone App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card