Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

hacker attacks

Hi All,                  i am facing  a big problem that are continuing attack from the outside into my network. we identified that public ip but cant recognises it. so please help me out how i can prevent this attacking.    i appreciate you comments

7 REPLIES
New Member

Re: hacker attacks

A bit more information would be useful! That's like saying "my car isn't working... how do I fix it?"

Chris

Hall of Fame Super Gold

Re: hacker attacks

Go to this website and enter the IP Address (http://whois.domaintools.com).  Now you know where it came from.

New Member

Re: hacker attacks

Hi,

Thank you for your quick reply but the thing like that i want to block

this particular ip attack into my firewall so that it never happen again.

can i do ?

On Wed, Apr 7, 2010 at 1:26 PM, leolaohoo <

Hall of Fame Super Gold

Re: hacker attacks

What is your firewall???  More info please.

New Member

Re: hacker attacks

Hi,

i have cisco ASA 5510. i would like to stop attacking from this

particular IP how i can do it .

please help me.

On Wed, Apr 7, 2010 at 1:59 PM, leolaohoo <

Hall of Fame Super Blue

Re: hacker attacks

Arup

access-list outside_in deny ip host any

access-group outside_in in interface outside

Couple of things -

1) you may already have an access-list on your outside interface so just add the first line above to the access-list

2) Ideally if you manage the border router ie. the router beyond your firewall that connects to your ISP you would want to apply the acl there.

Jon

Re: hacker attacks

Hi,

blocking one particular ip on your FW or router will not make the attack never happen again.

If this is a real hacker attack, the hacker might be using some botnet. So there's no problem to use another "slave" PC and continue with the attack from a different source IP address.

Blocking one IP address would bring you only a short time.

What you need is analysing what kind of attack is used. And deploying some IPS blocking this kind of attack from any source address dynamically.

BR,

Milan

238
Views
0
Helpful
7
Replies
CreatePlease to create content