If the PCs are connected through a Catalyst 6000/6500 running Cat OS (not Native IOS) then you can use NAC (in v4.x) or managed (in v3.x) to create Vlan ACLs directly on the supervisor of the Cat (you specify the vlan).
When the sensor creates the Vlan ACL it will deny the entire IP of the attacker for the alarm.
If the PC is directly connected to the switch on that vlan then all packets to and from that PC's ip address will be denied.
If the PC is connected to a Hub or other switch, or other vlan. Then the packets with that PCs source or destination IP will be denied if those packets go through the vlan where the VACL is applied.
The auto created VACLs will not stop the initial packets of the attack and will not stop the packet that triggered the alarm. The VACLs will only stop additional packets.
The traditional shun/block will block the entire IP, but there is also a new shun/block Connection option in version 4.x. The new shun/block connection option will block based on the attackers IP, and the Destinations IP and Port. This type of shun blocks any additional packets on that connection, and prevents new connections from the attacker to the same service port on the destination. But still allows other packets to and from the client.
Though be aware that multiple connection shuns with the same attacker will result in a complete shun of the attackers ip.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...