Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

ASA Botnet Traffic Filter feature License behavior

What is Botnet Traffic?

Botnet traffic is an artificial traffic generated from thousand of infected zombies PCs - some botnet may count more than one million PCs - and aiming, among other things, at generating fraudulent advertising revenue through click fraud and impression fraud.

Zombie PCs are a "mafia practice" by which PCs are hacked with trojan horse programs. Visits and clicks are made on the PC without the owner being aware. Even if a user was sitting at the computer, he would not see the hidden browser.

In February 2013, Spider.io discovered a botnet called Chameleon which emulated human visitors on 202 selected websites. According to Spider.io estimates:

  • Chameleon counted 120 000 of host machines
  • the botnet caused 9 billions of display ad impressions to be served per month to infected PCs
  • the botnet generated an average click-through rate of 0.02%
  • the monthly cost to advertisers of ad impressions served to the botnet was at least $6.2 million.

Question:

What happens when the Adaptive Security Appliance (ASA) has the Botnet Traffic Filter License that has expired after it's valid term of one year? Does the Botnet Traffic Filter feature work as it did when the License was active?

Answer:

No. The Botnet Traffic Filter feature gets disabled when the license expires and so you will no longer be able to block any traffic and the ASA will function without the traffic filter enabled.

Refer  to Configuring the Botnet Traffic Filter for more information on how configure the Botnet Traffic Filter feature on ASA.

Source: https://supportforums.cisco.com/thread/2055662?tstart=0

Comments
Community Member

Take care if you have it on HA (failover). When the first license expires, that appliance differs to the other one and the failover gets disabled!. One goes for failover disabled and second one to failover-pseudo-disabled. You wont have HA and you have to renew the botnet license. As soon you applied back to the 2 appliances, and restore the failover on the primary, the secondary comes back automatically (from pseudo-failover to secondary-active-ready).

hopes it helps

2903
Views
0
Helpful
1
Comments