[c-nsp] ASA/PIX shun "feature"
Jeff Kell
jeff-kell at utc.edu
Fri Apr 7 18:00:34 EDT 2006
Laurent Geyer wrote:
>
> On 4/7/06, *Jeff Kell* <jeff-kell at utc.edu> wrote:
>
> Here's some food for thought, especially for anyone using "shun"
> as a perimeter defense.
>
> If you're being attacked by an IP, you apply a "shun" and no more
> traffic traverses a PIX/ASA with that source IP. Or so I thought.
>
>
> Right, the expected behavior is for the src IP address to be
> filtered and the existing connections sourced from that host
> to be removed from the connection table.
They say that happens *if* you fully qualify the shun (source/dest
IP/port proto).
Jeff
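As an added example that is not part of the thread, the two forms of the command being discussed, written as ASA/PIX CLI with constructed addresses, followed by the checks that show whether the existing connection actually went away:

```cisco
! Constructed addresses and ports for illustration; not taken from the thread.

! Unqualified shun: drops new packets from the source, but, per the thread,
! may leave an already-established connection in the connection table.
shun 10.0.0.5

! Fully qualified shun: source IP, destination IP, source port, destination
! port, protocol. This is the form the thread says also removes the matching
! existing connection.
shun 10.0.0.5 192.0.2.10 40123 80 tcp

! Verify: the shun entry is present and no connection from the host remains.
show shun 10.0.0.5
show conn address 10.0.0.5

! Remove the shun once the incident is closed.
no shun 10.0.0.5
```

Running `show conn address` both before and after the shun is the quickest way to confirm on your own box whether the unqualified form clears the connection or only blocks new traffic.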