Instructions for creating a Block IP CC list according to CV 1024/ATTT-VNCERT on a Cisco ASA firewall
According to official letter No. 1024/CATTT-VNCERT on scanning for, handling and removing the malware of a targeted network attack campaign, in which more than 400,000 foreign IPs were used to attack Vietnam, today I will show you how to create a policy that blocks the entire IP list on an ASA 5525-X firewall (other firewalls such as FortiGate or Sophos use different commands).
I have made an Excel table that generates the list of IPs that need to be blocked, as follows: download here
Method 1: Execute the commands on the Cisco ASA console:
Create the IP objects
---------------------------------------------------------
--CREATED BY IT SHARE NVP-Viettechgroup.vn
--DATE: 2019-10-31
--Guide to creating a Block IP CC list according to CV 1024/ATTT-VNCERT
--Category: Lab Cisco ASA
---------------------------------------------------------
Commands to create the IP objects:
conf t
object network OBJ-CC-58.158.177.102
host 58.158.177.102
description OBJ-CC-58.158.177.102
object network OBJ-CC-156.230.21.30
host 156.230.21.30
description OBJ-CC-156.230.21.30
object network OBJ-CC-50.63.202.70
host 50.63.202.70
description OBJ-CC-50.63.202.70
object network OBJ-CC-50.63.202.79
host 50.63.202.79
description OBJ-CC-50.63.202.79
object network OBJ-CC-45.32.50.150
host 45.32.50.150
description OBJ-CC-45.32.50.150
object network OBJ-CC-167.88.180.15
host 167.88.180.15
description OBJ-CC-167.88.180.15
object network OBJ-CC-167.88.178.24
host 167.88.178.24
description OBJ-CC-167.88.178.24
object network OBJ-CC-43.254.217.67
host 43.254.217.67
description OBJ-CC-43.254.217.67
object network OBJ-CC-154.221.24.47
host 154.221.24.47
description OBJ-CC-154.221.24.47
object network OBJ-CC-144.202.54.86
host 144.202.54.86
description OBJ-CC-144.202.54.86
object network OBJ-CC-50.63.202.94
host 50.63.202.94
description OBJ-CC-50.63.202.94
object network OBJ-CC-50.63.202.67
host 50.63.202.67
description OBJ-CC-50.63.202.67
object network OBJ-CC-50.63.202.82
host 50.63.202.82
description OBJ-CC-50.63.202.82
object network OBJ-CC-184.168.221.94
host 184.168.221.94
description OBJ-CC-184.168.221.94
object network OBJ-CC-184.168.221.82
host 184.168.221.82
description OBJ-CC-184.168.221.82
object network OBJ-CC-184.168.221.71
host 184.168.221.71
description OBJ-CC-184.168.221.71
object network OBJ-CC-50.63.202.73
host 50.63.202.73
description OBJ-CC-50.63.202.73
object network OBJ-CC-207.148.12.47
host 207.148.12.47
description OBJ-CC-207.148.12.47
object network OBJ-CC-149.28.74.41
host 149.28.74.41
description OBJ-CC-149.28.74.41
object network OBJ-CC-207.148.78.101
host 207.148.78.101
description OBJ-CC-207.148.78.101
object network OBJ-CC-149.28.74.149
host 149.28.74.149
description OBJ-CC-149.28.74.149
object network OBJ-CC-50.63.202.59
host 50.63.202.59
description OBJ-CC-50.63.202.59
object network OBJ-CC-198.54.117.200
host 198.54.117.200
description OBJ-CC-198.54.117.200
object network OBJ-CC-198.54.117.199
host 198.54.117.199
description OBJ-CC-198.54.117.199
object network OBJ-CC-198.54.117.197
host 198.54.117.197
description OBJ-CC-198.54.117.197
object network OBJ-CC-198.54.117.198
host 198.54.117.198
description OBJ-CC-198.54.117.198
object network OBJ-CC-162.255.119.150
host 162.255.119.150
description OBJ-CC-162.255.119.150
object network OBJ-CC-167.88.180.148
host 167.88.180.148
description OBJ-CC-167.88.180.148
object network OBJ-CC-167.88.177.224
host 167.88.177.224
description OBJ-CC-167.88.177.224
object network OBJ-CC-167.88.180.3
host 167.88.180.3
description OBJ-CC-167.88.180.3
object network OBJ-CC-45.248.87.14
host 45.248.87.14
description OBJ-CC-45.248.87.14
object network OBJ-CC-91.195.240.117
host 91.195.240.117
description OBJ-CC-91.195.240.117
object network OBJ-CC-103.224.182.250
host 103.224.182.250
description OBJ-CC-103.224.182.250
object network OBJ-CC-185.239.226.19
host 185.239.226.19
description OBJ-CC-185.239.226.19
object network OBJ-CC-45.77.209.52
host 45.77.209.52
description OBJ-CC-45.77.209.52
object network OBJ-CC-167.88.178.118
host 167.88.178.118
description OBJ-CC-167.88.178.118
object network OBJ-CC-185.239.226.61
host 185.239.226.61
description OBJ-CC-185.239.226.61
object network OBJ-CC-45.77.184.12
host 45.77.184.12
description OBJ-CC-45.77.184.12
Create a network object-group named G_Deny and add every IP object to it:
object-group network G_Deny
network-object object OBJ-CC-58.158.177.102
network-object object OBJ-CC-156.230.21.30
network-object object OBJ-CC-50.63.202.70
network-object object OBJ-CC-50.63.202.79
network-object object OBJ-CC-45.32.50.150
network-object object OBJ-CC-167.88.180.15
network-object object OBJ-CC-167.88.178.24
network-object object OBJ-CC-43.254.217.67
network-object object OBJ-CC-154.221.24.47
network-object object OBJ-CC-144.202.54.86
network-object object OBJ-CC-50.63.202.94
network-object object OBJ-CC-50.63.202.67
network-object object OBJ-CC-50.63.202.82
network-object object OBJ-CC-184.168.221.94
network-object object OBJ-CC-184.168.221.82
network-object object OBJ-CC-184.168.221.71
network-object object OBJ-CC-50.63.202.73
network-object object OBJ-CC-207.148.12.47
network-object object OBJ-CC-149.28.74.41
network-object object OBJ-CC-207.148.78.101
network-object object OBJ-CC-149.28.74.149
network-object object OBJ-CC-50.63.202.59
network-object object OBJ-CC-198.54.117.200
network-object object OBJ-CC-198.54.117.199
network-object object OBJ-CC-198.54.117.197
network-object object OBJ-CC-198.54.117.198
network-object object OBJ-CC-162.255.119.150
network-object object OBJ-CC-167.88.180.148
network-object object OBJ-CC-167.88.177.224
network-object object OBJ-CC-167.88.180.3
network-object object OBJ-CC-45.248.87.14
network-object object OBJ-CC-91.195.240.117
network-object object OBJ-CC-103.224.182.250
network-object object OBJ-CC-185.239.226.19
network-object object OBJ-CC-45.77.209.52
network-object object OBJ-CC-167.88.178.118
network-object object OBJ-CC-185.239.226.61
network-object object OBJ-CC-45.77.184.12
Create the access rules (one deny ACL per WAN interface, applied inbound):
access-list WAN1-ACCESS-IN extended deny ip object-group G_Deny any
access-list WAN2-ACCESS-IN extended deny ip object-group G_Deny any
access-group WAN1-ACCESS-IN in interface wan1
access-group WAN2-ACCESS-IN in interface wan2
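The author built the object/object-group/ACL commands above from an Excel sheet. As an added example (not the author's sheet or any project code), the script below does the same job from a plain text export: it validates and de-duplicates the addresses, drops private or reserved entries so a bad row cannot blackhole internal traffic, and emits the exact command layout used on this page. The group name G_Deny, the ACL names and the interface names wan1/wan2 are taken from the page; the sample addresses are a constructed subset of the page's list.

```python
import ipaddress

# Constructed sample export: a few addresses from the page's list plus the
# kinds of bad rows a spreadsheet export typically contains.
SAMPLE_EXPORT = [
    "58.158.177.102",
    "156.230.21.30",
    "58.158.177.102",      # duplicate row
    "10.0.0.1",            # private address, must never be blocked
    "50.63.202.7O",        # typo: letter O instead of zero
    "# trailing comment",  # comment line
    "50.63.202.70",
]
GROUP = "G_Deny"
# interface name -> inbound ACL name, as used on the page
INTERFACES = {"wan1": "WAN1-ACCESS-IN", "wan2": "WAN2-ACCESS-IN"}


def parse_ips(raw_lines):
    """Return valid, public, de-duplicated IPv4 hosts in first-seen order."""
    seen, out = set(), []
    for line in raw_lines:
        token = line.split("#", 1)[0].strip()
        if not token:
            continue
        try:
            ip = ipaddress.IPv4Address(token)  # rejects typos like "7O"
        except ValueError:
            continue
        if ip.is_private or ip.is_loopback or ip.is_multicast or ip.is_unspecified:
            continue
        if ip not in seen:
            seen.add(ip)
            out.append(str(ip))
    return out


def build_asa_config(ips, group=GROUP, interfaces=INTERFACES):
    """Emit the object / object-group / access-list commands from the page."""
    lines = ["conf t"]
    for ip in ips:
        name = f"OBJ-CC-{ip}"
        lines += [f"object network {name}", f" host {ip}", f" description {name}"]
    lines.append(f"object-group network {group}")
    lines += [f" network-object object OBJ-CC-{ip}" for ip in ips]
    for acl in interfaces.values():  # ASA evaluates ACEs top-down: new entries
        lines.append(f"access-list {acl} extended deny ip object-group {group} any")
    for ifname, acl in interfaces.items():  # are appended, so check placement
        lines.append(f"access-group {acl} in interface {ifname}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_asa_config(parse_ips(SAMPLE_EXPORT)))
```

If WAN1-ACCESS-IN already exists with permit entries, confirm with `show access-list WAN1-ACCESS-IN` that the deny entries sit above them; the `line` keyword of `access-list` can position them explicitly.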
Method 2: Create the policy in the Cisco ASA ASDM interface
Create the IP objects
ASDM->Configuration->Firewall->Objects->Networks Object/Group->Add

Repeat the same steps for each of the other IPs.
Create the object group

Create the access rules