Cisco Systems and the ASA Services Module Manual De Usuario
C H A P T E R
26-1
Cisco ASA Series Firewall CLI Configuration Guide
26
Configuring the Botnet Traffic Filter
Malware is malicious software that is installed on an unknowing host. Malware that attempts network
activity such as sending private data (passwords, credit card numbers, key strokes, or proprietary data)
can be detected by the Botnet Traffic Filter when the malware starts a connection to a known bad IP
address. The Botnet Traffic Filter checks incoming and outgoing connections against a dynamic database
of known bad domain names and IP addresses (the blacklist), and then logs or blocks any suspicious
activity.
activity such as sending private data (passwords, credit card numbers, key strokes, or proprietary data)
can be detected by the Botnet Traffic Filter when the malware starts a connection to a known bad IP
address. The Botnet Traffic Filter checks incoming and outgoing connections against a dynamic database
of known bad domain names and IP addresses (the blacklist), and then logs or blocks any suspicious
activity.
You can also supplement the Cisco dynamic database with blacklisted addresses of your choosing by
adding them to a static blacklist; if the dynamic database includes blacklisted addresses that you think
should not be blacklisted, you can manually enter them into a static whitelist. Whitelisted addresses still
generate syslog messages, but because you are only targeting blacklist syslog messages, they are
informational.
adding them to a static blacklist; if the dynamic database includes blacklisted addresses that you think
should not be blacklisted, you can manually enter them into a static whitelist. Whitelisted addresses still
generate syslog messages, but because you are only targeting blacklist syslog messages, they are
informational.
Note
If you do not want to use the Cisco dynamic database at all, because of internal requirements, you can
use the static blacklist alone if you can identify all the malware sites that you want to target.
use the static blacklist alone if you can identify all the malware sites that you want to target.
This chapter describes how to configure the Botnet Traffic Filter and includes the following sections:
•
•
•
•
•
•
•
•
•
•
Information About the Botnet Traffic Filter
This section includes information about the Botnet Traffic Filter and includes the following topics:
•