Cisco Systems ASA 5585-X User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 26      Configuring the Botnet Traffic Filter
  Configuration Examples for the Botnet Traffic Filter
horrible.example.net(10.232.224.2)     2     2     3     Botnet
nono.example.org(209.165.202.130)      1     1     3     Virus
Last clearing of the top sites report: at 13:41:06 UTC Jul 15 2009
The following is sample output from the show dynamic-filter reports top malware-ports command:
ciscoasa# show dynamic-filter reports top malware-ports
Port                                       Connections logged
----------------------------------------------------------------------
tcp 1000                                           617
tcp 2001                                           472
tcp 23                                              22
tcp 1001                                            19
udp 2000                                            17
udp 2001                                            17
tcp 8080                                             9
tcp 80                                               3
tcp >8192                                            2
Last clearing of the top sites report: at 13:41:06 UTC Jul 15 2009
The following is sample output from the show dynamic-filter reports top infected-hosts command:
ciscoasa# show dynamic-filter reports top infected-hosts
Host                                       Connections logged
----------------------------------------------------------------------
10.10.10.51(inside)                               1190
10.12.10.10(inside)                                10 
10.10.11.10(inside)                                 5 
Last clearing of the top infected-hosts report: at 13:41:06 UTC Jul 15 2009
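The following is an added example, not part of the Cisco guide: a Python parser for the report output shown above, which ranks entries by their share of logged connections so the busiest infected host or malware port can be triaged first. The names parse_reports, share, and SAMPLE are assumptions of this example, and SAMPLE is abridged from the sample output above.

```python
import re

# Report text abridged from the sample output above (port rows shortened).
SAMPLE = """\
ciscoasa# show dynamic-filter reports top malware-ports
Port                                       Connections logged
----------------------------------------------------------------------
tcp 1000                                           617
tcp 2001                                           472
udp 2000                                            17
tcp >8192                                            2
Last clearing of the top sites report: at 13:41:06 UTC Jul 15 2009
ciscoasa# show dynamic-filter reports top infected-hosts
Host                                       Connections logged
----------------------------------------------------------------------
10.10.10.51(inside)                               1190
10.12.10.10(inside)                                10
10.10.11.10(inside)                                 5
Last clearing of the top infected-hosts report: at 13:41:06 UTC Jul 15 2009
"""

CMD = re.compile(r"#\s*show dynamic-filter reports top (\S+)")
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s*$")  # key, then the trailing counter

def parse_reports(text):
    """Map each report name to its [(key, connections_logged), ...] rows."""
    reports, rows = {}, None
    for line in text.splitlines():
        cmd = CMD.search(line)
        if cmd:
            rows = reports.setdefault(cmd.group(1), [])
            continue
        # The footer ends in a year, so skip it before ROW is tried.
        if rows is None or line.startswith("Last clearing"):
            continue
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), int(m.group(2))))
    return reports

def share(rows):
    """Rows sorted by count, each with its fraction of all logged connections."""
    total = sum(count for _, count in rows)
    if total == 0:
        return []
    ranked = sorted(rows, key=lambda r: r[1], reverse=True)
    return [(key, count, round(count / total, 3)) for key, count in ranked]

if __name__ == "__main__":
    for name, rows in parse_reports(SAMPLE).items():
        print(name, share(rows))
```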
Configuration Examples for the Botnet Traffic Filter
This section includes the recommended configuration for single and multiple context mode, as well as 
other possible configurations. This section includes the following topics:
Recommended Configuration Example
The following recommended example configuration for single context mode enables downloading of the 
dynamic database, and enables use of the database. It creates a class map for all UDP DNS traffic, 
enables DNS inspection and Botnet Traffic Filter snooping with the default DNS inspection policy map, 
and applies it to the outside interface, the Internet-facing interface.
Example 26-1 Single Mode Botnet Traffic Filter Recommended Example
ciscoasa(config)# dynamic-filter updater-client enable
ciscoasa(config)# dynamic-filter use-database
ciscoasa(config)# class-map dynamic-filter_snoop_class
ciscoasa(config-cmap)# match port udp eq domain
ciscoasa(config-cmap)# policy-map dynamic-filter_snoop_policy
ciscoasa(config-pmap)# class dynamic-filter_snoop_class