Cisco ASA 5505 Configuration Manual page 1082

Chapter 50: Configuring the Botnet Traffic Filter
Information About the Botnet Traffic Filter
Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 50-4

For the DNS host cache, after an entry times out, the adaptive security appliance periodically requests a refresh for the entry.

For the DNS host cache, the maximum number of blacklist entries and whitelist entries is 1000 each.

Table 50-1 lists the maximum number of entries in the DNS reverse lookup cache per model.

Table 50-1 DNS Reverse Lookup Cache Entries per Model

ASA Model    Maximum Entries
ASA 5505     5000
ASA 5510     10,000
ASA 5520     20,000
ASA 5540     40,000
ASA 5550     40,000
ASA 5580     100,000

How the Botnet Traffic Filter Works

Figure 50-1 shows how the Botnet Traffic Filter works with the dynamic database plus DNS inspection with Botnet Traffic Filter snooping.

Figure 50-1 How the Botnet Traffic Filter Works with the Dynamic Database

[Figure: Infected Host, Security Appliance (DNS Reverse Lookup Cache, Dynamic Database, DNS Snoop, Botnet Traffic Filter), DNS Server, Internet, Malware Home Site (209.165.201.3), Syslog Server. Step labels: 1. DNS Request: bad.example.com; 1a. Match?; 2. DNS Reply: 209.165.201.3; 2a. Add; 3. Connection to: 209.165.201.3; 3a. Match?; 3b. Send Syslog Message/Drop Traffic.]
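
The step labels in Figure 50-1 (1a Match?, 2a Add, 3a Match?, 3b Send Syslog Message/Drop Traffic) can be followed in a small model. This is an added example, not Cisco code or ASA behaviour taken from the guide. Assumptions: the class and method names are hypothetical, names are matched exactly, the oldest entry is evicted when the cache is full, and the syslog text is a constructed format.

```python
from collections import OrderedDict

# Table 50-1: maximum DNS reverse lookup cache entries per model.
MAX_ENTRIES = {"ASA 5505": 5000, "ASA 5510": 10000, "ASA 5520": 20000,
               "ASA 5540": 40000, "ASA 5550": 40000, "ASA 5580": 100000}


class BotnetFilterModel:
    """Toy model of Figure 50-1: DNS snooping feeding a reverse lookup cache."""

    def __init__(self, model, dynamic_db):
        self.capacity = MAX_ENTRIES[model]
        # Assumption: the dynamic database is a set of exact domain names.
        self.dynamic_db = {d.lower().rstrip(".") for d in dynamic_db}
        self.cache = OrderedDict()  # resolved IP -> blacklisted name
        self.syslog = []            # constructed message format, not ASA's

    def snoop_dns_reply(self, qname, answers):
        """Steps 1a/2a: on a database match, add each answer IP to the cache."""
        name = qname.lower().rstrip(".")
        if name not in self.dynamic_db:
            return 0
        added = 0
        for ip in answers:
            if ip not in self.cache:
                if len(self.cache) >= self.capacity:
                    # Assumption: evict the oldest entry; the page does not
                    # say what the appliance does at the Table 50-1 limit.
                    self.cache.popitem(last=False)
                added += 1
            self.cache[ip] = name
            self.cache.move_to_end(ip)
        return added

    def check_connection(self, src, dst, drop=False):
        """Steps 3a/3b: match the destination IP, log, and optionally drop."""
        name = self.cache.get(dst)
        if name is None:
            return "permit"
        action = "drop" if drop else "log"
        self.syslog.append(f"botnet-filter {action}: {src} -> {dst} ({name})")
        return action
```

In this model a connection to 209.165.201.3 is flagged only after a DNS reply for bad.example.com has been snooped, and a cache at the Table 50-1 limit loses older mappings.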