Enabling DNS Snooping – Cisco ASA 5505 User Manual

Page 1174


55-10

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 55 Configuring the Botnet Traffic Filter

Configuring the Botnet Traffic Filter

Examples

The following example creates entries for the blacklist and whitelist:

hostname(config)# dynamic-filter blacklist
hostname(config-llist)# name bad1.example.com
hostname(config-llist)# name bad2.example.com
hostname(config-llist)# address 10.1.1.1 255.255.255.0
hostname(config-llist)# dynamic-filter whitelist
hostname(config-llist)# name good.example.com
hostname(config-llist)# name great.example.com
hostname(config-llist)# name awesome.example.com
hostname(config-llist)# address 10.1.1.2 255.255.255.255

What to Do Next

See the “Enabling DNS Snooping” section on page 55-10.

Enabling DNS Snooping

This procedure enables inspection of DNS packets and enables Botnet Traffic Filter snooping, which
compares the domain name with those on the dynamic database or static database, and adds the name
and IP address to the Botnet Traffic Filter DNS reverse lookup cache. This cache is then used by the
Botnet Traffic Filter when connections are made to the suspicious address.

The following procedure creates an interface-specific service policy for DNS inspection. See the “DNS Inspection” section on page 43-1 and Chapter 32, “Configuring a Service Policy Using the Modular Policy Framework,” for detailed information about configuring advanced DNS inspection options using the Modular Policy Framework.

Prerequisites

In multiple context mode, perform this procedure in the context execution space.

Restrictions

TCP DNS traffic is not supported; only DNS over UDP is inspected and snooped.
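The numbered steps of this procedure continue on the next page of the guide. As an added example, not the guide's own text, the following shows the complete configuration the procedure produces: a class map matching UDP DNS, a policy map that applies DNS inspection with the dynamic-filter-snoop keyword, the service policy bound to the interface that carries DNS replies, and the show command used to confirm that names are being added to the reverse lookup cache. The class-map name btf_dns_class, the policy-map name btf_dns_policy and the interface name outside are assumptions; preset_dns_map is the DNS inspection policy map present in the default ASA configuration.

```cisco
! Added example, not from the Cisco guide. Names btf_dns_class, btf_dns_policy
! and the interface "outside" are assumed; change them to match your ASA.
! Match DNS over UDP only; TCP DNS is not snooped by the Botnet Traffic Filter.
hostname(config)# class-map btf_dns_class
hostname(config-cmap)# match port udp eq domain
hostname(config-cmap)# exit
! Apply DNS inspection with snooping, so that (name, IP) pairs seen in DNS
! replies are added to the Botnet Traffic Filter DNS reverse lookup cache.
hostname(config)# policy-map btf_dns_policy
hostname(config-pmap)# class btf_dns_class
hostname(config-pmap-c)# inspect dns preset_dns_map dynamic-filter-snoop
hostname(config-pmap-c)# exit
hostname(config-pmap)# exit
! Bind the policy to the interface that the DNS replies cross.
hostname(config)# service-policy btf_dns_policy interface outside
hostname(config)# exit
! Verify that the cache is being populated.
hostname# show dynamic-filter dns-snoop
```

Snooping only sees replies that traverse the interface carrying the policy, so bind it where clients' DNS traffic actually passes (typically the interface facing the resolver). If a global service policy already inspects DNS, the same effect can be obtained by adding dynamic-filter-snoop to the inspect dns line under the inspection_default class of global_policy rather than creating an interface-specific policy.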

Command                                   Purpose

name domain_name                          Adds a name to the whitelist. You can enter this
                                          command multiple times for multiple entries. You can
Example:                                  add up to 1000 whitelist entries.
hostname(config-llist)# name good.example.com

address ip_address mask                   Adds an IP address to the whitelist. You can enter this
                                          command multiple times for multiple entries. The
Example:                                  mask can be for a single host or for a subnet.
hostname(config-llist)# address 10.1.1.2 255.255.255.255
