Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 26 Configuring the Botnet Traffic Filter
Information About the Botnet Traffic Filter
How the Botnet Traffic Filter Works
Figure 26-1 shows how the Botnet Traffic Filter works with the dynamic database plus DNS inspection
with Botnet Traffic Filter snooping.
Figure 26-1 How the Botnet Traffic Filter Works with the Dynamic Database
Figure 26-2 shows how the Botnet Traffic Filter works with the static database.
Figure 26-2 How the Botnet Traffic Filter Works with the Static Database
[Figure 26-1 diagram. Components: Infected Host, Security Appliance, DNS Snoop, Botnet Traffic Filter, Dynamic Database, DNS Reverse Lookup Cache, DNS Server, Syslog Server, Internet, Malware Home Site (209.165.201.3). Labeled steps: 1. DNS Request: bad.example.com; 1a. Match?; 2. DNS Reply: 209.165.201.3; 2a. Add; 3. Connection to: 209.165.201.3; 3a. Match?; 3b. Send Syslog Message/Drop Traffic.]

[Figure 26-2 diagram. Components: Infected Host, Security Appliance, Botnet Traffic Filter, Static Database, DNS Host Cache, DNS Server, Syslog Server, Internet, Malware Home Site (209.165.201.3). Labeled steps: 1. Add entry: bad.example.com; 1a. DNS Request: bad.example.com; 2. DNS Reply: 209.165.201.3; 2a. Add; 3. Connection to: 209.165.201.3; 3a. Match?; 3b. Send Syslog Message/Drop Traffic.]
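The two flows in Figures 26-1 and 26-2, reduced to a small Python model. This is an added example, not Cisco code: the class, method names, event tuples, syslog text, and the internal host address are assumptions made for illustration. It models domain-name entries only and treats dropping as an optional setting.

```python
# Simplified model of Figures 26-1 and 26-2 (added example); step numbers match the figure labels.
class BotnetTrafficFilterModel:
    def __init__(self, dynamic_db, drop=False):
        self.dynamic_db = set(dynamic_db)   # blacklisted names (dynamic database)
        self.static_db = set()              # locally added names (static database)
        self.reverse_cache = {}             # IP -> name, filled by DNS snooping
        self.host_cache = {}                # IP -> name, filled for static entries
        self.drop = drop                    # assumption: dropping is optional
        self.syslog = []                    # constructed message format, not ASA syslog

    def snoop_dns_reply(self, name, ip):
        """Fig. 26-1: 1a (match name against dynamic database), 2a (add to cache)."""
        if name.lower() in self.dynamic_db:
            self.reverse_cache[ip] = name.lower()

    def add_static_entry(self, name, resolve):
        """Fig. 26-2: 1 (add entry), 1a/2 (appliance resolves the name), 2a (add)."""
        name = name.lower()
        self.static_db.add(name)
        for ip in resolve(name):            # resolve: hypothetical DNS lookup callable
            self.host_cache[ip] = name

    def check_connection(self, src, dst):
        """Both figures: 3a (match destination IP), 3b (syslog, optionally drop)."""
        name = self.reverse_cache.get(dst) or self.host_cache.get(dst)
        if name is None:
            return "allow"
        action = "drop" if self.drop else "log"
        self.syslog.append(f"botnet-filter {action}: {src} -> {dst} ({name})")
        return action

def replay(events, btf):
    """Feed constructed events through the model; return one verdict per connection."""
    verdicts = []
    for ev in events:
        if ev[0] == "dns_reply":
            btf.snoop_dns_reply(ev[1], ev[2])
        elif ev[0] == "connect":
            verdicts.append(btf.check_connection(ev[1], ev[2]))
    return verdicts

# Constructed sample traffic; bad.example.com and 209.165.201.3 are the figures' values.
EVENTS = [
    ("connect", "10.1.1.45", "209.165.201.3"),           # no DNS reply snooped yet
    ("dns_reply", "good.example.com", "209.165.202.129"),
    ("dns_reply", "bad.example.com", "209.165.201.3"),
    ("connect", "10.1.1.45", "209.165.202.129"),
    ("connect", "10.1.1.45", "209.165.201.3"),
]
```

The first connection in the sample is allowed because no DNS reply has been snooped yet, which shows why a domain-name entry in the dynamic database only takes effect once DNS snooping has seen the reply that maps the name to an address.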