[c-nsp] Shunning Traffic on ASA's

Christian Koch christian at visr.org
Mon Feb 11 09:51:03 EST 2008


I'm looking at this as sort of an "emergency/incident" tool...

Hypothetical situation - customer A calls, please block attacking IP x.x.x.x,
I'm thinking - do I want to use object groups for "dirty IPs" and add to a
deny ACL or do I want to just shun it...



On Feb 11, 2008 9:39 AM, Ramcharan, Vijay A <
vijay.ramcharan at verizonbusiness.com> wrote:

> In your situation, what is/are the implication(s)/ramification(s) of
> having the firewall start shunning traffic to/from legitimate sources
> which may have been identified as malicious?
> I think that might indicate whether you should or shouldn't implement
> it.
>
> From a technical and practical perspective, I can't provide any feedback
> as I've never implemented it.
>
> Vijay Ramcharan
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Christian Koch
> Sent: February 11, 2008 09:16
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Shunning Traffic on ASA's
>
> Does anyone actually use this?
>
> Are there any reasons NOT to use it?
>
> Advantages/Disadvantages of using it?
>
> I've never used it myself, but am wondering if it is a decent quick way
> to mitigate attacking IPs
>
> Thanks!

