
Cisco ASA 5510 showing a lot of traffic pointed to one IP

Posted on 2011-04-22
Last Modified: 2012-12-19
Hello,

I did a show threat-detection statistics top host on my firewall. Attached is a screenshot, as you can see at the top. My top threat is 8.12.196.126 (could be in reverse, not sure). It is pointing over to some Japanese site. We currently have no business over there.

As you can see, it is pointing back to an internal IP of one of our upper level management's PCs. This is a personal laptop. What would be the best way to stop this connection? Would it be to just ban the public IP on the OUTSIDE/INSIDE interface? I am pretty new at Cisco.

Thanks for your help.
asa.jpg
0
Question by:sethendres
7 Comments
 
LVL 20

Expert Comment

by:Svet Paperov
ID: 35448727
I would check the PC for malware. Unless you don't have some special allowing rule on the firewall, this is a connection opened from inside.
0
 

Author Comment

by:sethendres
ID: 35448854
I can see that it has a very high port number. This individual will not allow me to inspect the PC even though I am the admin. The individual is huge on adult related content and the PC is saturated with the content and it is always being plugged into my network. I would like to stop it. Do I just need to close the ports on that subnet?
0
 
LVL 20

Expert Comment

by:Svet Paperov
ID: 35449124
Sorry to hear. Yes, you can just block the IP address on the firewall outside interface, but this will not solve the problem in the long term. Eventually you will end up blocking the whole Internet.
0

Author Comment

by:sethendres
ID: 35449168
Could you please tell me the command to block the IP?

Thanks
0
 
LVL 20

Expert Comment

by:Svet Paperov
ID: 35449365
If you already have access lists on the outside interface, you just need to add another line or use the ASDM. If you have never used the CLI, go with ASDM; otherwise you could break your configuration.
0
 

Author Comment

by:sethendres
ID: 35449659
All configurations have been done through the CLI
0
 
LVL 20

Accepted Solution

by:
Svet Paperov earned 1000 total points
ID: 35450116
It should be something like
access-list OUTSIDE_ACCESS_IN line 1 extended deny ip host 8.12.196.126 any


where OUTSIDE_ACCESS_IN is the name of the access list applied to the outside interface, and line 1 is for placing the ACL on the top.
0
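
Since the first reply in this thread points out that the connection is opened from inside, the same kind of deny can also be placed on the ACL bound to the inside interface, with the destination as the remote host. The following is an added example, not part of the original thread; the interface name inside and the ACL name INSIDE_ACCESS_IN are assumptions to be replaced with the names from the running configuration.

```cisco
! Added example, not from the thread. Assumptions: the interface is named
! "inside" and its inbound ACL is INSIDE_ACCESS_IN (hypothetical name).
! Check what is bound today before changing anything:
show running-config access-group

configure terminal
! Deny traffic from any internal host to the remote address; "line 1" puts
! the entry at the top so it is matched before any permit
access-list INSIDE_ACCESS_IN line 1 extended deny ip any host 8.12.196.126
! Only if the inside interface had no ACL before: binding one adds an
! implicit deny at the end, so the remaining traffic must be permitted
! explicitly and the ACL bound to the interface
access-list INSIDE_ACCESS_IN extended permit ip any any
access-group INSIDE_ACCESS_IN in interface inside
end

! Connections that are already established are not re-checked against the
! ACL, so clear the existing ones to that address
clear conn address 8.12.196.126

! Verify: the hit counter on the deny entry should increase on new
! attempts, and no connection to the address should remain
show access-list INSIDE_ACCESS_IN
show conn address 8.12.196.126
```

A rising hit count on the deny entry after it is applied shows that the internal host is still trying to reach the address, which supports the advice above to check that PC.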
