Hi everyone,
I'm hoping for your urgent help.
I have a Cisco ASA 5505 firewall and I keep getting spoofing attacks:
2|Dec 18 2008|22:33:50|106016|||Deny IP spoof from (0.148.127.94) to 8X.2XX.X5.2X on interface outside
2|Dec 18 2008|22:33:50|106016|||Deny IP spoof from (0.45.92.2) to 8X.2XX.X5.2X on interface outside
2|Dec 18 2008|22:33:50|106016|||Deny IP spoof from (0.159.118.19) to 8X.2XX.X5.2X on interface outside
2|Dec 18 2008|22:33:50|106016|||Deny IP spoof from (0.56.251.49) to 8X.2XX.X5.2X on interface outside
2|Dec 18 2008|22:33:50|106016|||Deny IP spoof from (127.9.52.1) to 8X.2XX.X5.2X on interface outside
2|Dec 18 2008|22:33:50|106016|||Deny IP spoof from (127.17.2.95) to 8X.2XX.X5.2X on interface outside
2|Dec 18 2008|22:33:50|106016|||Deny IP spoof from (127.102.158.94) 8X.2XX.X5.2X on interface outside
---------------------------------------------------------
The attack reaches the server and leaves no bandwidth available; in addition, the connections go above 10,000 and lock up the firewall.
How can I block this attack?? The strange thing is that the firewall logs deny and the attack gets through anyway.
Thanks in advance for your help.
Problem with Cisco ASA 5505
Moderator: Federico.Lagni
- andrewp
- Messianic Network master
- Posts: 2199
- Joined: Mon 13 Jun, 2005 7:32 pm
- Location: Rome
These are the best-practice prefix lists for the so-called "martian networks"; in this case convert them into an ACL and apply it inbound (IN) on the WAN, and remember a nice permit ip any any* at the end:
ip prefix-list rfc1918 deny 0.0.0.0/8 le 32
ip prefix-list rfc1918 deny 10.0.0.0/8 le 32
ip prefix-list rfc1918 deny 127.0.0.0/8 le 32
ip prefix-list rfc1918 deny 169.254.0.0/16 le 32
ip prefix-list rfc1918 deny 172.16.0.0/12 le 32
ip prefix-list rfc1918 deny 192.0.2.0/24 le 32
ip prefix-list rfc1918 deny 192.168.0.0/16 le 32
ip prefix-list rfc1918 deny 224.0.0.0/3 le 32
ip prefix-list rfc1918 permit 0.0.0.0/0 le 32*
Let me know.
Bit manipulator.
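The conversion suggested in the reply above, as an added example that is not part of the original posts: it turns the prefix-list into ASA extended ACL lines (ASA ACLs take a netmask rather than a prefix length) and checks which entry each logged source would hit. The ACL name `outside_in` and the third log line are assumptions made for the example.

```python
import ipaddress
import re

# Prefix-list from the reply (192.0.2.0/24 written as a valid four-octet prefix).
PREFIX_LIST = """\
ip prefix-list rfc1918 deny 0.0.0.0/8 le 32
ip prefix-list rfc1918 deny 10.0.0.0/8 le 32
ip prefix-list rfc1918 deny 127.0.0.0/8 le 32
ip prefix-list rfc1918 deny 169.254.0.0/16 le 32
ip prefix-list rfc1918 deny 172.16.0.0/12 le 32
ip prefix-list rfc1918 deny 192.0.2.0/24 le 32
ip prefix-list rfc1918 deny 192.168.0.0/16 le 32
ip prefix-list rfc1918 deny 224.0.0.0/3 le 32
ip prefix-list rfc1918 permit 0.0.0.0/0 le 32
"""
# Two 106016 lines from the question plus one constructed line (last) for contrast.
SAMPLE_LOG = """\
2|Dec 18 2008|22:33:50|106016|||Deny IP spoof from (0.148.127.94) to 8X.2XX.X5.2X on interface outside
2|Dec 18 2008|22:33:50|106016|||Deny IP spoof from (127.9.52.1) to 8X.2XX.X5.2X on interface outside
2|Dec 18 2008|22:33:51|106016|||Deny IP spoof from (198.51.100.7) to 8X.2XX.X5.2X on interface outside
"""
ACL_NAME = "outside_in"  # hypothetical ACL name, not from the thread

def parse_prefix_list(text):
    """Return [(action, network)] in list order; order matters, first match wins."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"ip prefix-list \S+ (permit|deny) (\S+) le 32", line.strip())
        if m:
            rules.append((m.group(1), ipaddress.ip_network(m.group(2))))
    return rules

def to_asa_acl(rules, name=ACL_NAME, iface="outside"):
    """Emit ASA ACL lines (netmask form, 0.0.0.0/0 -> any) and bind them inbound."""
    lines = []
    for action, net in rules:
        src = "any" if net.prefixlen == 0 else f"{net.network_address} {net.netmask}"
        lines.append(f"access-list {name} extended {action} ip {src} any")
    return lines + [f"access-group {name} in interface {iface}"]

def classify_sources(log_text, rules):
    """Map each logged source to the first (action, network) it matches."""
    result = {}
    for src in re.findall(r"Deny IP spoof from \(([\d.]+)\)", log_text):
        hit = ((a, str(n)) for a, n in rules if ipaddress.ip_address(src) in n)
        result[src] = next(hit, ("deny", "implicit deny"))  # ACLs end in implicit deny
    return result

if __name__ == "__main__":
    print("\n".join(to_asa_acl(parse_prefix_list(PREFIX_LIST))))
    print(classify_sources(SAMPLE_LOG, parse_prefix_list(PREFIX_LIST)))
```

An inbound ACL on the outside interface drops these packets only after they have crossed the WAN link, so filtering that frees bandwidth has to happen upstream at the provider.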