sethendres

asked on

Cisco ASA 5510 showing a lot of traffic pointed to one IP

Hello,

I did a show threat-detection statistics top host on my firewall. Attached is a screenshot. As you can see at the top, my top threat is 8.12.196.126 (could be in reverse, not sure). It is pointing over to some Japanese site. We currently have no business over there.

As you can see, it is pointing back to an internal IP of one of our upper-level management's PCs. This is a personal laptop. What would be the best way to stop this connection? Would it be to just ban the public IP on the OUTSIDE/INSIDE interface? I am pretty new at Cisco.

Thanks for your help.
asa.jpg
Svet Paperov

I would check the PC for malware. Unless you don't have some special allowing rule on the firewall, this is a connection opened from inside.
sethendres

ASKER

I can see that it has a very high port number. This individual will not allow me to inspect the PC even though I am the admin. The individual is huge on adult-related content, the PC is saturated with the content, and it is always being plugged into my network. I would like to stop it. Do I just need to close the ports on that subnet?

Sorry to hear. Yes, you can just block the IP address on the firewall outside interface, but this will not solve the problem in the long term. Eventually you will end up blocking the whole Internet.

Could you please tell me the command to block the IP?

Thanks

If you already have access lists on the outside interface, you just need to add another line or use the ASDM. If you have never used the CLI, go with ASDM; otherwise you could break your configuration.

All configurations have been done through the CLI.

ASKER CERTIFIED SOLUTION
Svet Paperov

This solution is only available to members.