6-7. Shunning Traffic

Sometimes it might be possible for malicious hosts to open connections into the protected network. This could occur if the inbound access list policies aren't configured correctly or tightly. As soon as these connections are noticed (after they are built), you might want to react by blocking connections coming from the malicious source address.

To do this, you could edit the access list each time the source of an attack is discovered. This would deny any future connections, but existing connections would survive until their xlate entries were also cleared. Repeating this for every attack source would quickly become an administrative burden.

A more efficient alternative is the shun command. When a shun is activated, all current connections from a malicious host ...
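As an added illustration (not from the handbook itself), the following ASA CLI session contrasts the two approaches described above: the manual access-list edit plus xlate clearing, and the shun command that replaces it. The interface name, access-list name and the source address 192.0.2.100 are constructed placeholders; the command syntax (`shun`, `no shun`, `show shun`, `clear xlate`) is standard ASA syntax.

```cisco
! --- Approach 1: manual access-list edit (the burdensome method) ---
! Constructed example: "OUTSIDE_IN" is an assumed inbound ACL name and
! 192.0.2.100 is a placeholder attacker address.
asa(config)# access-list OUTSIDE_IN line 1 extended deny ip host 192.0.2.100 any
! The deny only stops NEW connections; existing sessions keep their xlate
! entries, so they must be torn down by hand as well:
asa(config)# clear xlate

! --- Approach 2: the shun command ---
! Drops the host's current connections and blocks new ones until the shun
! is removed; no access-list or xlate maintenance is needed.
asa(config)# shun 192.0.2.100

! Verify that the shun is active and see how many packets it has dropped.
asa# show shun
asa# show shun statistics

! Once the incident is closed, remove the shun for that single host
! (or "clear shun" to remove every active shun at once).
asa(config)# no shun 192.0.2.100
```

Note that a shun is an operational state, not part of the saved configuration: it does not appear in `show running-config` and does not survive a reload, so active shuns should be tracked in the incident record rather than relied on as a permanent control.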
