Cisco Support Community
Community Member

denying attacking IP on PIX

Can someone please confirm or correct me on this? I have an IP addy that has been scanning my network off and on for a few hours. I have already contacted the administrator for this IP's network (a college campus) via email and left him a voicemail, but have not heard back yet. I want to completely deny this IP until I have spoken with this admin and addressed this issue. I am not positive that I am entering the correct command, so if someone could confirm the command I would appreciate it. TIA

access-list 110 deny tcp host x.x.x.x any


Re: denying attacking IP on PIX

Use IP, not just tcp: "access-list 110 deny ip host x.x.x.x any"

Also look into the "shun" command: .

Use the "icmp" command if you want your PIX to not be pinged (can block all icmp as well) any more as well: .

Hope it helps.


Community Member

Re: denying attacking IP on PIX

For the access list you may want to deny ip, instead of just tcp. You'll also need to apply the access list to the interface:

access-group 110 in interface outside

You can only have one access list applied to an interface at a time, so if you already have one on the outside interface, you'll have to combine the two.
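
The replies above make two points: `deny tcp` covers only TCP while `deny ip` covers every protocol, and the deny has to be combined into the one list applied to the interface. As an added example (not code from the thread or from Cisco), this small Python model evaluates a simplified subset of the ACL syntax top-down with first match winning and an implicit deny at the end. The addresses, permit entries and helper names are constructed for illustration.

```python
import ipaddress

# Constructed sample entries: 192.0.2.10 stands in for the scanning host.
PERMITS = """access-list 110 permit tcp any host 203.0.113.5 eq 80
access-list 110 permit udp any host 203.0.113.5 eq 53
access-list 110 permit icmp any any"""
TCP_ONLY = "access-list 110 deny tcp host 192.0.2.10 any\n" + PERMITS
IP_FIRST = "access-list 110 deny ip host 192.0.2.10 any\n" + PERMITS
IP_LAST = PERMITS + "\naccess-list 110 deny ip host 192.0.2.10 any"

def parse_addr(tok):
    """Consume one address spec from the token list: any | host A | NET MASK."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def parse_acl(text):
    """Parse 'access-list ID ACTION PROTO SRC DST [eq PORT]' lines (numeric ports only)."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = parse_addr(rest), parse_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(acl_text, proto, src, dst, dport=None):
    """Return the action of the first matching entry, or the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in parse_acl(acl_text):
        if r_proto not in ("ip", proto):      # "ip" matches every protocol
            continue
        if s not in r_src or d not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"
```

With `TCP_ONLY`, UDP and ICMP from the scanning host still reach the permit entries. With `IP_LAST`, the deny is never reached for traffic an earlier permit already matched.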

