Recommended configuration example – Cisco ASA 5505 User Manual

55-19

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 55 Configuring the Botnet Traffic Filter


horrible.example.net(10.232.224.2)    2    2    3    Botnet
nono.example.org(209.165.202.130)     1    1    3    Virus

Last clearing of the top sites report: at 13:41:06 UTC Jul 15 2009

The following is sample output from the show dynamic-filter reports top malware-ports command:

hostname# show dynamic-filter reports top malware-ports
Port                     Connections logged
----------------------------------------------------------------------
tcp 1000                 617
tcp 2001                 472
tcp 23                   22
tcp 1001                 19
udp 2000                 17
udp 2001                 17
tcp 8080                 9
tcp 80                   3
tcp >8192                2
Last clearing of the top sites report: at 13:41:06 UTC Jul 15 2009

The following is sample output from the show dynamic-filter reports top infected-hosts command:

hostname# show dynamic-filter reports top infected-hosts
Host                     Connections logged
----------------------------------------------------------------------
10.10.10.51(inside)      1190
10.12.10.10(inside)      10
10.10.11.10(inside)      5
Last clearing of the top infected-hosts report: at 13:41:06 UTC Jul 15 2009
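As an added example (not from the Cisco guide), a small Python parser for the two report layouts above, so the per-host and per-port counts can be exported to a SIEM or checked against a threshold; the report text is constructed here in the page's layout, not captured from a device:

```python
import re

# Constructed sample reports in the layout shown on this page (not real device output).
INFECTED_HOSTS_REPORT = """\
hostname# show dynamic-filter reports top infected-hosts
Host                    Connections logged
----------------------------------------------------------------------
10.10.10.51(inside)     1190
10.12.10.10(inside)     10
10.10.11.10(inside)     5
Last clearing of the top infected-hosts report: at 13:41:06 UTC Jul 15 2009
"""
MALWARE_PORTS_REPORT = """\
hostname# show dynamic-filter reports top malware-ports
Port                    Connections logged
----------------------------------------------------------------------
tcp 1000                617
tcp 23                  22
udp 2000                17
tcp >8192               2
Last clearing of the top sites report: at 13:41:06 UTC Jul 15 2009
"""

# Data rows look like "<ip>(<interface>) <count>" and "<proto> <port> <count>";
# the command echo, header, separator and "Last clearing" lines match neither.
HOST_RE = re.compile(r"^(?P<ip>\d+(?:\.\d+){3})\((?P<iface>[^)]+)\)\s+(?P<count>\d+)$")
PORT_RE = re.compile(r"^(?P<proto>tcp|udp)\s+(?P<port>>?\d+)\s+(?P<count>\d+)$")

def _rows(text, pattern):
    """Yield the regex match for every report line that is a data row."""
    for line in text.splitlines():
        m = pattern.match(line.strip())
        if m:
            yield m

def parse_infected_hosts(text):
    """Return [(ip, interface, connections_logged)] in report order."""
    return [(m["ip"], m["iface"], int(m["count"])) for m in _rows(text, HOST_RE)]

def parse_malware_ports(text):
    """Return [(proto, port_label, connections_logged)]; '>8192' stays a label."""
    return [(m["proto"], m["port"], int(m["count"])) for m in _rows(text, PORT_RE)]

def hosts_over_threshold(rows, threshold):
    """Hosts whose logged connections exceed the threshold, busiest first."""
    return sorted((r for r in rows if r[2] > threshold), key=lambda r: r[2], reverse=True)
```

Because the counters accumulate until the report is cleared, compare against a baseline or the "Last clearing" timestamp rather than treating the raw totals as a rate.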

Configuration Examples for the Botnet Traffic Filter

This section includes the recommended configuration for single and multiple context mode, as well as
other possible configurations. This section includes the following topics:

Recommended Configuration Example, page 55-19

Other Configuration Examples, page 55-20

Recommended Configuration Example

The following recommended example configuration for single context mode enables downloading of the
dynamic database, and enables use of the database. It creates a class map for all UDP DNS traffic,
enables DNS inspection and Botnet Traffic Filter snooping with the default DNS inspection policy map,
and applies it to the outside interface, the Internet-facing interface.

Example 55-1 Single Mode Botnet Traffic Filter Recommended Example

hostname(config)# dynamic-filter updater-client enable
hostname(config)# dynamic-filter use-database
hostname(config)# class-map dynamic-filter_snoop_class
hostname(config-cmap)# match port udp eq domain
hostname(config-cmap)# policy-map dynamic-filter_snoop_policy
hostname(config-pmap)# class dynamic-filter_snoop_class
