26-5
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 26 Configuring the Botnet Traffic Filter
Information About the Botnet Traffic Filter
How the Botnet Traffic Filter Works
Figure 26-1 shows how the Botnet Traffic Filter works with the dynamic database plus DNS inspection
with Botnet Traffic Filter snooping.
Figure 26-1 How the Botnet Traffic Filter Works with the Dynamic Database
Figure 26-2 shows how the Botnet Traffic Filter works with the static database.
Figure 26-2 How the Botnet Traffic Filter Works with the Static Database
Security Appliance
DNS
Reverse
Lookup Cache
Infected
Host
Malware Home Site
209.165.201.3
Syslog Server
Dynamic
Database
DNS Server
DNS Snoop
1
DNS Request:
bad.example.com
3
Connection to:
209.165.201.3
2
DNS Reply:
209.165.201.3
Internet
Botnet Traffic
Filter
3b. Send
Syslog Message/Drop Traffic
1a. Match?
3a. Match?
2a. Add
248631
Security Appliance
DNS
Host Cache
Infected
Host
Malware Home Site
209.165.201.3
Syslog Server
Static
Database
DNS Server
Botnet Traffic
Filter
3
Connection to:
209.165.201.3
1a. DNS Request:
bad.example.com
Internet
3b. Send
Syslog Message/Drop Traffic
2a. Add
1
Add entry:
bad.example.com
2
DNS Reply:
209.165.201.3
3a. Match?
248632