How do I block an attacking host/network (or the whole of China?!) using a Cisco 506e

Our dedicated server located at a hosting company in the UK is being probed regularly (automated?) by a few machines located in China. I would like to know how to block them.
The server hosts a https website and MS Sql database.
I have the attackers IP addresses and the computer names they are using.
I have access to the Cisco 506E using PIX.
Can I add a filter to block all their IP addresses? The majority come from 219.153.*.* and 222.73.*.*
Much appreciate any help you can provide.
regards,

Howard
ogdiniAsked:
Who is Participating?
 
lrmooreConnect With a Mentor Commented:
Just block those networks:
Add this to the top of the existing inbound acl:

access-list outside_access_in deny ip 219.153.0.0 255.255.0.0 any
access-list outside_access_in deny ip 222.73.0.0 255.255.0.0 any
0
 
lrmooreCommented:
Here's an alternative.
Create an object-group
 
object-group network BLOCKEDHOSTS
   network-object 219.153.0.0 255.255.0.0
   network-object 222.73.0.0 255.255.0.0

Apply the object group to the acl:
 access-list outside_access_in deny ip object-group BLOCKEDHOSTS any

This way, all you have to do is add/subtract network objects from the group and not mess with the acl. Couple mouse clicks in the PDM, or very simple command line
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.