There’s even a DNS snoop function so you can black/white list things by domain name. There’s a whitelist function that will disallow adding lines you specify to the blacklist by mistake (very sexy when automating this sort of thing). The dynamic-filter seems to use about as much memory as an ACL of similar size, survives reboot, and is bidirectional on its interface. Shuns don’t survive reboot and are surprisingly hard on memory with respect to ACLs. Using the dynamic-filter (AKA “Botnet Filter”) has a few advantages over ACLs.
#Cisco asa 5505 license license
However it is enabled and ready to use in all ASAs 8.2(x) and above… the license only activates the subscription service, the base functionality works just fine. After some reading, Cisco words it like the Botnet Filter is pretty much useless without a proper license. But a lot of people have been talking about it recently in my circles, and I really can’t help but tinker with things anyways. Cisco frequently pitches how their products are made with magic and rainbows and cruelty-free unicorn meat, and I tend to be a bit skeptical. I was interested in this neat Botnet Traffic Filter thingy they’d been clamoring about. I was tinkering with my ASA the other day. I wanted to start blogging here on Packet Pushers, and I thought updating and reposting this would be a good way to start since blacklisting came up recently on the show. Still, I was found by some random internet folk who seemed to think it was pretty nifty.
I posted this a couple months ago on my blog, but alas my non-celeb status on the internet means I get few views.
0 kommentar(er)
