Cisco Systems ASA 5585-X User Manual
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 26 Configuring the Botnet Traffic Filter
Information About the Botnet Traffic Filter
How the Botnet Traffic Filter Works
with Botnet Traffic Filter snooping.
Figure 26-1 How the Botnet Traffic Filter Works with the Dynamic Database
[Diagram. Labels: Security Appliance, DNS Reverse Lookup Cache, Dynamic Database, DNS Snoop, Botnet Traffic Filter, Infected Host, DNS Server, Internet, Malware Home Site 209.165.201.3, Syslog Server. Steps: 1. DNS Request: bad.example.com; 1a. Match?; 2. DNS Reply: 209.165.201.3; 2a. Add; 3. Connection to: 209.165.201.3; 3a. Match?; 3b. Send Syslog Message/Drop Traffic.]

Figure 26-2 shows how the Botnet Traffic Filter works with the static database.

Figure 26-2 How the Botnet Traffic Filter Works with the Static Database
[Diagram. Labels: Security Appliance, DNS Host Cache, Static Database, Botnet Traffic Filter, Infected Host, DNS Server, Internet, Malware Home Site 209.165.201.3, Syslog Server. Steps: 1. Add entry: bad.example.com; 1a. DNS Request: bad.example.com; 2. DNS Reply: 209.165.201.3; 2a. Add; 3. Connection to: 209.165.201.3; 3a. Match?; 3b. Send Syslog Message/Drop Traffic.]
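The numbered steps in Figures 26-1 and 26-2 can be traced with a small model. This is an added example, not Cisco code and not the ASA implementation; it covers only the name-based path the figures show. The class and method names, the source address 10.0.0.5, and the log text are constructed for illustration.

```python
# Simplified model of the two flows in Figures 26-1 and 26-2 (illustration only).
# Class and method names are hypothetical; the log text is constructed.

class BotnetFilterModel:
    def __init__(self, dynamic_db, resolver):
        self.dynamic_db = set(dynamic_db)   # names from the dynamic database
        self.resolver = resolver            # stands in for the DNS server
        self.pending = set()                # names matched at step 1a
        self.reverse_cache = {}             # DNS reverse lookup cache: ip -> name
        self.host_cache = {}                # DNS host cache: ip -> name
        self.syslog = []                    # messages for the syslog server

    # Figure 26-1, steps 1/1a: snoop the DNS request and match the name.
    def snoop_request(self, name):
        if name in self.dynamic_db:
            self.pending.add(name)
            return True
        return False

    # Figure 26-1, steps 2/2a: snoop the reply and add the address.
    def snoop_reply(self, name, ip):
        if name in self.pending:
            self.reverse_cache[ip] = name

    # Figure 26-2, steps 1-2a: a static entry is resolved and cached.
    def add_static_entry(self, name):
        ip = self.resolver(name)
        if ip is not None:
            self.host_cache[ip] = name

    # Steps 3/3a/3b in both figures: match the destination, then log and drop.
    def connection(self, src, dst_ip):
        name = self.reverse_cache.get(dst_ip) or self.host_cache.get(dst_ip)
        if name is None:
            return "permit"
        self.syslog.append(f"botnet-filter match src={src} dst={dst_ip} name={name}")
        return "drop"


def demo():
    dns = {"bad.example.com": "209.165.201.3"}   # constructed DNS data
    asa = BotnetFilterModel({"bad.example.com"}, dns.get)
    before = asa.connection("10.0.0.5", "209.165.201.3")  # no DNS seen yet
    asa.snoop_request("bad.example.com")
    asa.snoop_reply("bad.example.com", dns["bad.example.com"])
    after = asa.connection("10.0.0.5", "209.165.201.3")
    return before, after, asa.syslog

if __name__ == "__main__":
    print(demo())
```

In this model the first connection is permitted because no DNS exchange has been snooped yet, which shows why the dynamic-database path in Figure 26-1 depends on the DNS Snoop step.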