Cisco Systems ASA 5585-X Network Router User Manual

Open as PDF

of 2086

59-7

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter 59 Configuring the Botnet Traffic Filter

Default Settings

IPv6 Guidelines

Does not support IPv6.

Additional Guidelines and Limitations

• TCP DNS traffic is not supported.

• You can add up to 1000 blacklist entries and 1000 whitelist entries in the static database.

Default Settings

By default, the Botnet Traffic Filter is disabled, as is use of the dynamic database.

For DNS inspection, which is enabled by default, Botnet Traffic Filter snooping is disabled by default.

Configuring the Botnet Traffic Filter

This section includes the following topics:

• Task Flow for Configuring the Botnet Traffic Filter, page 59-7

• Configuring the Dynamic Database, page 59-8

• Enabling DNS Snooping, page 59-10

• Adding Entries to the Static Database, page 59-9

• Enabling Traffic Classification and Actions for the Botnet Traffic Filter, page 59-11

• Blocking Botnet Traffic Manually, page 59-13

• Searching the Dynamic Database, page 59-14

Task Flow for Configuring the Botnet Traffic Filter

To configure the Botnet Traffic Filter, perform the following steps:

Step 1 Enable use of the dynamic database. See the “Configuring the Dynamic Database” section on page 59-8.

This procedure enables database updates from the Cisco update server, and also enables use of the

downloaded dynamic database by the ASA. Disallowing use of the downloaded database is useful in

multiple context mode so you can configure use of the database on a per-context basis.

Step 2 (Optional) Add static entries to the database. See the “Adding Entries to the Static Database” section on

page 59-9.

This procedure lets you augment the dynamic database with domain names or IP addresses that you want

to blacklist or whitelist. You might want to use the static database instead of the dynamic database if you

do not want to download the dynamic database over the Internet.

Step 3 Enable DNS snooping. See the “Enabling DNS Snooping” section on page 59-10.

This procedure enables inspection of DNS packets, compares the domain name with those in the

dynamic database or the static database (when a DNS server for the ASA is unavailable), and adds the

name and IP address to the DNS reverse lookup cache. This cache is then used by the Botnet Traffic

Filter when connections are made to the suspicious address.

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Cisco Systems ASA 5585-X Network Router User Manual