I am under a ddos attack and need to block country

5 pts.
Tags:
Cisco ASA
Cisco ASA Hardware Firewall
DDOS
Distributed Denial of Service
Firewalls
IP blocking
Web security
I have a Cisco ASA Hardware Firewall and I don't see how to block either a bunch of IP addresses (thousands) or deny access to a whole country. Is it possible? Adding one IP at a time is not an option. Thanks

Answer Wiki


Hello Greycheetah
you may use this site (http://www.phptutorial.info/iptocountry/get_ranges.php) that gives you country based IP ranges.
Bye

Don't forget to visit my blog: If it has a plug, it's IT stuff!! (http://itknowledgeexchange.techtarget.com/it-support/)

Better site that provides the subnets and full IP ranges. Provides ACLs for Apache and other apps but could quite easily be converted to Cisco ACLs.

http://www.blockacountry.com/
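
Added example (not part of the original answers, and not code from either site): one way to turn a downloaded list of CIDR blocks or start-end ranges into a Cisco ASA object-group with a single deny entry, merging adjacent blocks first so the firewall carries fewer entries. The group name BLOCKED-NETS, the ACL name OUTSIDE-IN and the sample ranges are assumptions; the ACL is assumed to be the one already applied inbound on the outside interface.

```python
import ipaddress

# Constructed sample input using documentation-only ranges (RFC 5737).
# A real list would come from a country-range source such as the sites above.
SAMPLE = """\
# constructed sample, not real country data
192.0.2.0/25
192.0.2.128/25
198.51.100.0 - 198.51.100.255
203.0.113.16-203.0.113.47
not-an-address
"""

def parse_ranges(text):
    """Return (networks, rejected_lines) from CIDR or 'start-end' lines."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            if "-" in line:
                first, last = (ipaddress.IPv4Address(p.strip())
                               for p in line.split("-", 1))
                nets.extend(ipaddress.summarize_address_range(first, last))
            else:
                nets.append(ipaddress.IPv4Network(line, strict=False))
        except ValueError:
            rejected.append(raw)  # keep bad lines visible instead of guessing
    # Merge adjacent and overlapping blocks to shrink the rule set.
    return list(ipaddress.collapse_addresses(nets)), rejected

def asa_config(nets, group="BLOCKED-NETS", acl="OUTSIDE-IN"):
    """Render an ASA object-group plus one deny entry (names are hypothetical)."""
    lines = [f"object-group network {group}"]
    lines += [f" network-object {n.network_address} {n.netmask}" for n in nets]
    # 'line 1' puts the deny ahead of existing permit entries in that ACL.
    lines.append(f"access-list {acl} line 1 extended deny ip object-group {group} any")
    return lines

if __name__ == "__main__":
    networks, bad = parse_ranges(SAMPLE)
    print("\n".join(asa_config(networks)))
    for entry in bad:
        print(f"! skipped unparseable line: {entry}")
```

Review the generated commands and the skipped lines before pasting them into the ASA, since a wrong range at line 1 of the ACL blocks legitimate traffic as well.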

Discuss This Question: 3  Replies

 
  • Labnuke99
    A DDoS attack is difficult to stop and it may actually be a reflected attack. Can you block the specific service that they are attacking?
  • Kevin Beaver
    I agree with Labnuke99 - try to limit who can access the service they're attacking. Also consider contacting your ISP to see if there's anything they can do (i.e. set up an ACL) to keep the traffic from ever getting to your network in the first place.
  • dwulff
    Too many iptables rules in your firewall can create memory & CPU overhead loads for each new connection and impact latency. I found TechGuard makes an in-line appliance (IPv4/IPv6 compatible) that works w/ other firewalls and routers that allows for blanket policies (like country blocking) but still granular control (i.e. allow specific IP addresses for a corporate office in China as an exception, or blocking specific IP addresses for countries you want open to your network). Again, this would be for a company operating their own servers, in a network that can support an in-line appliance built to block IP addresses by country.
