For Cisco Catalyst 6500 Series / 7600 Series ASA Services Module

Cisco Systems, Inc.
www.cisco.com
 
Cisco ASA Botnet Traffic Filter Guide
Released: July 24, 2014
Updated: June 1, 2016

Malware is malicious software that is installed on an unknowing host. Malware that attempts network activity such as sending private data (passwords, credit card numbers, key strokes, or proprietary data) can be detected by the Botnet Traffic Filter when the malware starts a connection to a known bad IP address. The Botnet Traffic Filter checks incoming and outgoing connections against a dynamic database of known bad domain names and IP addresses (the blacklist), and then logs or blocks any suspicious activity.

You can also supplement the Cisco dynamic database with blacklisted addresses of your choosing by adding them to a static blacklist; if the dynamic database includes blacklisted addresses that you think should not be blacklisted, you can manually enter them into a static whitelist. Whitelisted addresses still generate syslog messages, but because you are only targeting blacklist syslog messages, they are informational.

Note: If you do not want to use the Cisco dynamic database at all, because of internal requirements, you can use the static blacklist alone if you can identify all the malware sites that you want to target.
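
A static-database configuration for the deployment described in the note above, added here as an illustration and not taken from the Cisco guide itself. The interface name `outside`, the example.com names and the documentation-range addresses are constructed placeholders.

```cisco
! Added example, not from the Cisco guide. Interface name "outside", the
! example.com names and the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24
! addresses are constructed placeholders.
!
! --- Static blacklist: addresses and names you have identified yourself ---
! Domain-name entries require the ASA to resolve them through a configured
! DNS server (DNS setup not shown here).
dynamic-filter blacklist
 name malware-c2.example.com
 address 192.0.2.10 255.255.255.255
 address 198.51.100.0 255.255.255.0
!
! --- Static whitelist: entries you do not want treated as blacklisted ---
! Matches still generate syslog messages, but they are informational only.
dynamic-filter whitelist
 name partner-portal.example.com
 address 203.0.113.25 255.255.255.255
!
! --- Classify traffic crossing the Internet-facing interface ---
! With only this command, blacklisted connections are logged, not blocked.
dynamic-filter enable interface outside
!
! --- Block blacklisted traffic instead of only logging it ---
dynamic-filter drop blacklist interface outside
!
! --- Only when the Cisco dynamic database is also wanted ---
! Leave these two commands out for the static-blacklist-only deployment.
! dynamic-filter updater-client enable
! dynamic-filter use-database
```

After applying it, `show dynamic-filter statistics` reports the per-interface classification counters, which is a quick check that the static entries are being matched.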