ACL or other conception to block scanner

wojsal (Level 1)

Hi, I have a connection like below with my internet provider:

[image: schma2.jpg]

In my NetFlow system I see a lot of attempts from the X.X.X.X address to scan the IP connection on various ports, and the y.y.y.y address as well, but that one is already behind my firewall, where I cut off this traffic.

I just tried to do an ACL to deny the source IP, but it doesn't make sense.

I suspect that if I do the ACL:

deny ip any host x.x.x.75

and apply it to the interface inbound, it will probably block all traffic for the y.y.y.y subnet from the Internet, because it is the next hop for the y.y.y.y subnet. Do I understand it correctly?

[image: flow.jpg]

I only have ICMP, 161 and NTP open when I check e.g. with Shodan. It will block these 3 protocols, but is this an effective solution?

Router: C8300 with IOS XE.

0 Replies
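As an added illustration of the ACL question above (this is not part of the original post, and the reply count stays at zero): an IOS XE extended ACL entry is matched against the source and destination addresses carried in each packet, never against the route or next hop the router will use for it. So `deny ip any host x.x.x.75` matches only packets whose destination is x.x.x.75; a packet from the Internet addressed to y.y.y.y carries y.y.y.y as its destination and does not match that entry. To drop the scanner, the entry has to name the scanner as the source. The configuration below is an assumed example: 192.0.2.75 stands in for the scanning address and GigabitEthernet0/0/0 for the ISP-facing interface, both placeholders.

```cisco
! Added example, not from the original post. Placeholders: 192.0.2.75 stands
! for the scanning source seen in NetFlow, GigabitEthernet0/0/0 for the
! interface that faces the ISP.
ip access-list extended WAN-IN
 remark Drop the scanner: this entry matches on the packet SOURCE address
 deny   ip host 192.0.2.75 any log
 remark Everything else arriving from the Internet is still forwarded,
 remark including transit traffic to the y.y.y.y subnet; the next hop of a
 remark route is not an ACL match field
 permit ip any any
!
interface GigabitEthernet0/0/0
 ip access-group WAN-IN in
!
! After applying, check that the deny entry is the one accumulating hits:
!   show ip access-lists WAN-IN
!   clear ip access-list counters WAN-IN
```

The `log` keyword sends a syslog message for matching packets, which is useful while confirming the entry catches the scanner and is worth removing afterwards on a busy link. Two caveats a practitioner would add: this blocks one source only, so it helps as long as the scanner keeps the same address, and the `permit ip any any` at the end keeps the interface otherwise open; tightening it to the services actually meant to be reachable from the Internet is a separate design decision.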