Blocking an IP 1

[koya]

Hi,

Can any one give details about blocking IP address with in a subnet, which is asign to a workstation and the workstation is a virus infected one.

Thnaks & Regards

 

[lgarner]

access-list 101 deny ip host <ip_addr> any

If this is applied inbound to the interface that is the workstation's default gateway, this will block that single workstation from sending traffic to or through the router.

 

[lambent]

remember to put permit any any at the end cos all ACLs contain an implicit deny statement. If not then you'll be blocking everything:

!
access-list 101 deny ip host a.b.c.d any
access-list 101 permit ip any any
!

and of course you'll need to do this to apply the inbound access-list:

!
inteface fastethernet0/0
description User LAN segment
ip access-group 101 in
!

 

[JOAMON]

If you are using managed switches the easiest way would be to shutdown that switch port or simply unplug the cable. If you are using DHCP and that PC gets a different address the next time it signs in, then blocking one single IP would not work for you.

 

[Cotton9]

Our policy is to shut down the port the infected PC is connected to. If the closeset port we have control of is a office or building port we shut that down. Better to cut off 100 users that infect the entire 1500.
We put in an emergency call to the office manager and have them unplug and lock down (physically) the offending PC then we re-enable the office/building and do a complete re-scan.