How do I block an attacking host/network (or the whole of China?!) using a Cisco 506e

Posted on 2007-10-10
Last Modified: 2010-10-13
Our dedicated server located at a hosting company in the UK is being probed regularly (automated?) by a few machines located in China. I would like to know how to block them.
The server hosts a https website and MS Sql database.
I have the attackers IP addresses and the computer names they are using.
I have access to the Cisco 506E using PIX.
Can I add a filter to block all their IP addresses? The majority come from 219.153.*.* and 222.73.*.*
Much appreciate any help you can provide.

Question by:ogdini
    LVL 79

    Accepted Solution

    Just block those networks:
    Add this to the top of the existing inbound acl:

    access-list outside_access_in deny ip any
    access-list outside_access_in deny ip any
    LVL 79

    Expert Comment

    Here's an alternative.
    Create an object-group
    object-group network BLOCKEDHOSTS

    Apply the object group to the acl:
     access-list outside_access_in deny ip object-group BLOCKEDHOSTS any

    This way, all you have to do is add/subtract network objects from the group and not mess with the acl. Couple mouse clicks in the PDM, or very simple command line

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Maximize Your Threat Intelligence Reporting

    Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

    This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
    From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
    Need more eyes on your posted question? Go ahead and follow the quick steps in this video to learn how to Request Attention to your question. *Log into your Experts Exchange account *Find the question you want to Request Attention for *Go to the e…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now