[c-nsp] Shunning Traffic on ASA's

Roland Dobbins rdobbins at cisco.com
Mon Feb 11 09:54:52 EST 2008


On Feb 11, 2008, at 9:51 PM, Christian Koch wrote:

> Hypothetical situation - customer A calls, please block attacking ip  
> x.x.x.x,
> im thinking - do i want to use objects groups for "dirty ip's" and  
> add to a
> deny ACL or do i want to just shun it..

S/RTBH would probably be a better option for this, on your edge routers.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at cisco.com> // +66.83.266.6344 mobile

      If you don't know what to do, it's harder to do it.

                    -- Malcom Forbes





More information about the cisco-nsp mailing list