Instructions for creating a Block IP CC list according to CV 1024/ATTT-VNCERT on a Cisco ASA firewall
Official letter No. 1024/CATTT-VNCERT concerns scanning for, handling and removing the malicious code of a targeted network attack campaign in which more than 400,000 foreign IPs were used to attack Vietnam. In this post I will show how to create a policy that blocks the entire IP list on an ASA 5525-X firewall (other firewalls such as FortiGate or Sophos use different commands).
I have made an Excel table that builds the list of IPs that need to be blocked, as follows: download here
Method 1: Run the commands on the Cisco ASA console
Create the IP objects
---------------------------------------------------------
--CREATED BY IT SHARE NVP-Viettechgroup.vn
--DATE: 2019-10-31
--Guide to creating a Block IP CC list according to CV 1024/ATTT-VNCERT
--Categories: Lab Cisco ASA
---------------------------------------------------------
Commands to create the IP objects:
conf t
object network OBJ-CC-58.158.177.102
 host 58.158.177.102
 description OBJ-CC-58.158.177.102
object network OBJ-CC-156.230.21.30
 host 156.230.21.30
 description OBJ-CC-156.230.21.30
object network OBJ-CC-50.63.202.70
 host 50.63.202.70
 description OBJ-CC-50.63.202.70
object network OBJ-CC-50.63.202.79
 host 50.63.202.79
 description OBJ-CC-50.63.202.79
object network OBJ-CC-45.32.50.150
 host 45.32.50.150
 description OBJ-CC-45.32.50.150
object network OBJ-CC-167.88.180.15
 host 167.88.180.15
 description OBJ-CC-167.88.180.15
object network OBJ-CC-167.88.178.24
 host 167.88.178.24
 description OBJ-CC-167.88.178.24
object network OBJ-CC-43.254.217.67
 host 43.254.217.67
 description OBJ-CC-43.254.217.67
object network OBJ-CC-154.221.24.47
 host 154.221.24.47
 description OBJ-CC-154.221.24.47
object network OBJ-CC-144.202.54.86
 host 144.202.54.86
 description OBJ-CC-144.202.54.86
object network OBJ-CC-50.63.202.94
 host 50.63.202.94
 description OBJ-CC-50.63.202.94
object network OBJ-CC-50.63.202.67
 host 50.63.202.67
 description OBJ-CC-50.63.202.67
object network OBJ-CC-50.63.202.82
 host 50.63.202.82
 description OBJ-CC-50.63.202.82
object network OBJ-CC-184.168.221.94
 host 184.168.221.94
 description OBJ-CC-184.168.221.94
object network OBJ-CC-184.168.221.82
 host 184.168.221.82
 description OBJ-CC-184.168.221.82
object network OBJ-CC-184.168.221.71
 host 184.168.221.71
 description OBJ-CC-184.168.221.71
object network OBJ-CC-50.63.202.73
 host 50.63.202.73
 description OBJ-CC-50.63.202.73
object network OBJ-CC-207.148.12.47
 host 207.148.12.47
 description OBJ-CC-207.148.12.47
object network OBJ-CC-149.28.74.41
 host 149.28.74.41
 description OBJ-CC-149.28.74.41
object network OBJ-CC-207.148.78.101
 host 207.148.78.101
 description OBJ-CC-207.148.78.101
object network OBJ-CC-149.28.74.149
 host 149.28.74.149
 description OBJ-CC-149.28.74.149
object network OBJ-CC-50.63.202.59
 host 50.63.202.59
 description OBJ-CC-50.63.202.59
object network OBJ-CC-198.54.117.200
 host 198.54.117.200
 description OBJ-CC-198.54.117.200
object network OBJ-CC-198.54.117.199
 host 198.54.117.199
 description OBJ-CC-198.54.117.199
object network OBJ-CC-198.54.117.197
 host 198.54.117.197
 description OBJ-CC-198.54.117.197
object network OBJ-CC-198.54.117.198
 host 198.54.117.198
 description OBJ-CC-198.54.117.198
object network OBJ-CC-162.255.119.150
 host 162.255.119.150
 description OBJ-CC-162.255.119.150
object network OBJ-CC-167.88.180.148
 host 167.88.180.148
 description OBJ-CC-167.88.180.148
object network OBJ-CC-167.88.177.224
 host 167.88.177.224
 description OBJ-CC-167.88.177.224
object network OBJ-CC-167.88.180.3
 host 167.88.180.3
 description OBJ-CC-167.88.180.3
object network OBJ-CC-45.248.87.14
 host 45.248.87.14
 description OBJ-CC-45.248.87.14
object network OBJ-CC-91.195.240.117
 host 91.195.240.117
 description OBJ-CC-91.195.240.117
object network OBJ-CC-103.224.182.250
 host 103.224.182.250
 description OBJ-CC-103.224.182.250
object network OBJ-CC-185.239.226.19
 host 185.239.226.19
 description OBJ-CC-185.239.226.19
object network OBJ-CC-45.77.209.52
 host 45.77.209.52
 description OBJ-CC-45.77.209.52
object network OBJ-CC-167.88.178.118
 host 167.88.178.118
 description OBJ-CC-167.88.178.118
object network OBJ-CC-185.239.226.61
 host 185.239.226.61
 description OBJ-CC-185.239.226.61
object network OBJ-CC-45.77.184.12
 host 45.77.184.12
 description OBJ-CC-45.77.184.12
Create a network object group named G_Deny
object-group network G_Deny
 network-object object OBJ-CC-58.158.177.102
 network-object object OBJ-CC-156.230.21.30
 network-object object OBJ-CC-50.63.202.70
 network-object object OBJ-CC-50.63.202.79
 network-object object OBJ-CC-45.32.50.150
 network-object object OBJ-CC-167.88.180.15
 network-object object OBJ-CC-167.88.178.24
 network-object object OBJ-CC-43.254.217.67
 network-object object OBJ-CC-154.221.24.47
 network-object object OBJ-CC-144.202.54.86
 network-object object OBJ-CC-50.63.202.94
 network-object object OBJ-CC-50.63.202.67
 network-object object OBJ-CC-50.63.202.82
 network-object object OBJ-CC-184.168.221.94
 network-object object OBJ-CC-184.168.221.82
 network-object object OBJ-CC-184.168.221.71
 network-object object OBJ-CC-50.63.202.73
 network-object object OBJ-CC-207.148.12.47
 network-object object OBJ-CC-149.28.74.41
 network-object object OBJ-CC-207.148.78.101
 network-object object OBJ-CC-149.28.74.149
 network-object object OBJ-CC-50.63.202.59
 network-object object OBJ-CC-198.54.117.200
 network-object object OBJ-CC-198.54.117.199
 network-object object OBJ-CC-198.54.117.197
 network-object object OBJ-CC-198.54.117.198
 network-object object OBJ-CC-162.255.119.150
 network-object object OBJ-CC-167.88.180.148
 network-object object OBJ-CC-167.88.177.224
 network-object object OBJ-CC-167.88.180.3
 network-object object OBJ-CC-45.248.87.14
 network-object object OBJ-CC-91.195.240.117
 network-object object OBJ-CC-103.224.182.250
 network-object object OBJ-CC-185.239.226.19
 network-object object OBJ-CC-45.77.209.52
 network-object object OBJ-CC-167.88.178.118
 network-object object OBJ-CC-185.239.226.61
 network-object object OBJ-CC-45.77.184.12
Create the access-rule policy
access-list WAN1-ACCESS-IN extended deny ip object-group G_Deny any
access-list WAN2-ACCESS-IN extended deny ip object-group G_Deny any
access-group WAN1-ACCESS-IN in interface wan1
access-group WAN2-ACCESS-IN in interface wan2
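The commands above are what the author's Excel table produces. As an added example that is not part of the original post, the following Python script generates the same Method 1 configuration from a plain list of addresses, validating each entry and dropping duplicates before emitting anything (a single malformed entry in a list of several hundred thousand lines would otherwise stop the paste partway through). The sample addresses are a constructed subset of the page's list. The `inside_interface` option, the `INSIDE-ACCESS-IN` name and the deny-as-destination rule it emits are assumptions that go beyond the page: they stop the inside network from reaching the listed addresses, which the page's WAN-side rules (listed IP as source) do not cover. Note that `access-group` binds a single ACL per interface and direction, so on an interface that already carries an inbound ACL, leave out the generated `access-group` line and add the deny entry to the existing ACL ahead of its permit entries instead.

```python
import ipaddress

# Constructed sample input for this example: a few of the addresses from the page's list, in the
# one-address-per-line form an Excel export would give. A blank line, a duplicate and a
# malformed entry are included deliberately to exercise the validation path.
SAMPLE_IP_LIST = """\
58.158.177.102
156.230.21.30
50.63.202.70

50.63.202.70
not-an-ip
45.32.50.150
"""


def parse_ip_list(text):
    """Return (valid, rejected): de-duplicated IPv4 hosts in first-seen order, plus bad entries."""
    valid, rejected, seen = [], [], set()
    for raw in text.splitlines():
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue                       # skip blank and comment lines
        try:
            ip = str(ipaddress.IPv4Address(entry))
        except ipaddress.AddressValueError:
            rejected.append(entry)         # report it instead of emitting a broken command
            continue
        if ip not in seen:
            seen.add(ip)
            valid.append(ip)
    return valid, rejected


def build_asa_config(ips, group="G_Deny", wan_interfaces=("wan1", "wan2"), inside_interface=None):
    """Emit the ASA CLI lines of Method 1 with the page's naming (OBJ-CC-<ip>, G_Deny,
    <IF>-ACCESS-IN). inside_interface is an assumption beyond the page: when set, an extra
    ACL is emitted that denies traffic *to* the group arriving on that interface."""
    lines = ["conf t"]
    for ip in ips:
        name = f"OBJ-CC-{ip}"
        lines += [f"object network {name}", f" host {ip}", f" description {name}"]
    lines.append(f"object-group network {group}")
    lines += [f" network-object object OBJ-CC-{ip}" for ip in ips]
    for ifname in wan_interfaces:
        acl = f"{ifname.upper()}-ACCESS-IN"
        lines.append(f"access-list {acl} extended deny ip object-group {group} any")
        lines.append(f"access-group {acl} in interface {ifname}")
    if inside_interface:                   # listed addresses as destination, not source
        acl = f"{inside_interface.upper()}-ACCESS-IN"
        lines.append(f"access-list {acl} extended deny ip any object-group {group}")
        lines.append(f"access-group {acl} in interface {inside_interface}")
    lines += ["end", "write memory"]       # save so the policy survives a reload
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ips, bad = parse_ip_list(SAMPLE_IP_LIST)
    print(build_asa_config(ips), end="")
    if bad:
        print(f"! {len(bad)} entries rejected, fix the sheet before applying: {bad}")
```

Paste the printed block into the console in one go; the rejected entries are printed after it with a leading `!` so they are ignored if they are pasted along by mistake.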
Method 2: Create the policy in the Cisco ASA ASDM interface
Create the IP objects
ASDM->Configuration->Firewall->Objects->Networks Object/Group->Add
Repeat the same steps for each of the remaining IPs
Create the object group
Create Access Rules
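Once the rules are in place by either method, the check a practitioner wants is whether the deny entries are matching anything: `show access-list WAN1-ACCESS-IN` prints a hit counter for the group entry and for each expanded host entry beneath it. As an added example that is not part of the original post, the script below parses that output (a constructed sample with made-up counters and hashes) and lists the blocked addresses that have actually been hit. Because the page's rules sit inbound on the WAN interfaces with the listed address as source, a non-zero counter means that address initiated a connection toward the site; beaconing from an already-infected internal host toward the list would only be counted by a rule on the inside interface with the group as destination. `clear access-list WAN1-ACCESS-IN counters` resets the counters so that later checks show only new activity.

```python
import re

# Constructed sample of `show access-list WAN1-ACCESS-IN` output in the shape the ASA prints:
# the object-group entry first, then its expanded per-host entries indented beneath it.
# The hit counts and hash values here are made up for this example.
SAMPLE_SHOW_ACCESS_LIST = """\
access-list WAN1-ACCESS-IN; 4 elements; name hash: 0x1a2b3c4d
access-list WAN1-ACCESS-IN line 1 extended deny ip object-group G_Deny any (hitcnt=7) 0x5e6f7a8b
  access-list WAN1-ACCESS-IN line 1 extended deny ip host 58.158.177.102 any (hitcnt=4) 0x11111111
  access-list WAN1-ACCESS-IN line 1 extended deny ip host 156.230.21.30 any (hitcnt=0) 0x22222222
  access-list WAN1-ACCESS-IN line 1 extended deny ip host 50.63.202.70 any (hitcnt=3) 0x33333333
  access-list WAN1-ACCESS-IN line 1 extended deny ip host 45.32.50.150 any (hitcnt=0) 0x44444444
"""

# Matches only the indented, expanded per-host deny entries; the summary line and the
# object-group line itself start at column 0 and therefore do not match.
HOST_ENTRY = re.compile(
    r"^\s+access-list\s+\S+\s+line\s+\d+\s+extended\s+deny\s+ip\s+"
    r"host\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+any\s+\(hitcnt=(?P<hits>\d+)\)"
)


def hits_per_blocked_host(output):
    """Map every expanded deny-host entry to its hit counter."""
    counts = {}
    for line in output.splitlines():
        m = HOST_ENTRY.match(line)
        if m:
            counts[m.group("ip")] = int(m.group("hits"))
    return counts


def hosts_with_hits(output):
    """Blocked addresses that have actually matched traffic, highest count first."""
    counts = hits_per_blocked_host(output)
    return sorted(((ip, n) for ip, n in counts.items() if n > 0),
                  key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for ip, n in hosts_with_hits(SAMPLE_SHOW_ACCESS_LIST):
        print(f"{ip}: {n} denied packets")
```

Feed the script the real output captured from the console (or via the ASDM command-line tool) in place of the constructed sample; addresses that appear repeatedly across checks are the ones worth correlating with the firewall's syslog to see which internal services they were aiming at.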