To check the database of hosts registered by shun, use the following command:

    ciscoasa(config)# show shun
    shun (outside) 192.168.89.1 0.0.0.0 0 0 0
Below are the syslog messages logged when packets are discarded by shun:

    %ASA-4-401004: Shunned packet: 192.168.89.1 ==> 192.168.89.100 on interface outside
    %ASA-3-313001: Denied ICMP type=8, code=0 from 192.168.89.1 on interface outside
To delete the addresses registered by shun, use the following command:

    ciscoasa(config)# clear shun
    %ASA-4-401001: Shuns cleared
Note that because shun was never intended to be permanent, the addresses registered by shun are not saved in the configuration and are deleted when the ASA is restarted.
To block communication from a specific attacker using IOS, use Unicast RPF (Unicast Reverse Path Forwarding) in strict mode together with a static route pointing to the Null0 interface. Originally, RPF was a function for checking whether a packet arrived from the expected next hop by looking up its source address in the routing table. When Unicast RPF is enabled in strict mode, a packet received by the router is discarded if the output interface of the route for its source address is the Null0 interface. For details of Unicast RPF, refer to the following document:
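The following IOS configuration is an added example of the uRPF-plus-null-route technique described above; it is not taken from the original page. The attacker address 192.168.89.1 comes from the shun example earlier in this page, while the interface name GigabitEthernet0/0 and the 203.0.113.0/24 addressing are assumptions.

```cisco
! uRPF requires CEF switching (enabled by default on most platforms, shown for completeness)
ip cef
!
! Route the attacker's source address to Null0 so strict-mode uRPF rejects packets from it
ip route 192.168.89.1 255.255.255.255 Null0
!
interface GigabitEthernet0/0
 description Internet-facing interface (assumed name and addressing)
 ip address 203.0.113.2 255.255.255.0
 ! Strict mode: the route back to the source must exit via this same interface;
 ! a source whose route points to Null0 can never pass this check, so it is dropped
 ip verify unicast source reachable-via rx
!
! Verification (exec mode):
!   show ip interface GigabitEthernet0/0 | include verif   -> confirms uRPF is active
!   show ip traffic | include RPF                          -> cumulative uRPF drop counter
!   show ip route 192.168.89.1                             -> should show the Null0 route
```

Strict mode also drops any packet whose source is not reachable through the receiving interface, so it is unsuitable where routing is asymmetric; loose mode (`ip verify unicast source reachable-via any`) still discards sources whose route points to Null0 while tolerating asymmetric paths.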