We encountered DDoS flood attacks that were captured on our firewalls. I have also noticed brute-force logs on the Cisco ASR (edge) from specific IPs (China). When using the show users command, the source IP was coming from that location. The question is: can I blackhole the IP with null 0 off my edge internet router? I have done this multiple times in the past, but in a service provider environment, not in an enterprise. Is it even worth it? Or should the ISP take care of this?
Any additional security best practices, examples, etc.?
Cisco example shows this:
ip route 41.14.14.5 255.255.255.255 null0 tag 999