2 Replies Latest reply on Feb 29, 2012 3:19 PM by gofwv

    Strange Blackhole request

      Hi,

       

          I have a request to blackhole a system that attempts a specific protocol to a specific network.  For example - block all traffic from a system (say an accounting system) attempting to NAC on the open student network.  I may be missing something but it doesn't appear that you can add your own IPS signature.  Does anyone know how this could be accomplished?

       

      Thanks,

      gofwv

        • 1. Re: Strange Blackhole request
          sliedl

          You can write a snort signature and import it into the IPS system of the firewall, yes.  KB63125 talks about using custom signatures.

           

          You could also make a Deny rule for a certain port (or a protocol) from a set of IP addresses.  If these devices try to go through the firewall on that port they will be denied.  You could then write an audit filter to 'catch' these events and then blackhole the source IP.

           

          If you can be more specific about the ports or protocols, what exactly someone wants you to block, I can tell you if the firewall can do that.

          • 2. Re: Strange Blackhole request

            Excellent - I am sure one of those solutions will work.   Thanks