ogdini
asked on
How do I block an attacking host/network (or the whole of China?!) using a Cisco 506e
Our dedicated server located at a hosting company in the UK is being probed regularly (automated?) by a few machines located in China. I would like to know how to block them.
The server hosts a https website and MS Sql database.
I have the attackers IP addresses and the computer names they are using.
I have access to the Cisco 506E using PIX.
Can I add a filter to block all their IP addresses? The majority come from 219.153.*.* and 222.73.*.*
Much appreciate any help you can provide.
regards,
Howard
The server hosts a https website and MS Sql database.
I have the attackers IP addresses and the computer names they are using.
I have access to the Cisco 506E using PIX.
Can I add a filter to block all their IP addresses? The majority come from 219.153.*.* and 222.73.*.*
Much appreciate any help you can provide.
regards,
Howard
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Create an object-group
object-group network BLOCKEDHOSTS
network-object 219.153.0.0 255.255.0.0
network-object 222.73.0.0 255.255.0.0
Apply the object group to the acl:
access-list outside_access_in deny ip object-group BLOCKEDHOSTS any
This way, all you have to do is add/subtract network objects from the group and not mess with the acl. Couple mouse clicks in the PDM, or very simple command line