- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-12-2019 10:18 PM
Hello
I am not sure I completely understand the question.
Can you block a source IP using traceroute app-id?
you can create a policy to deny traceroute from a source IP, yes.
is that your question?
Please advise.
11-13-2019 09:00 AM
Hi,
no, I want to block IP not deny like in reconnaissance in zone protection or in vulnerability protection that you can create a custom rule with 3600 seconds block IP.
11-13-2019 09:56 AM
I appreciate the response.
Maybe I do not understand; deny and block provide similar functionality
My original response of creating a rule to drop/deny a Source Address is probably the best way to block the IP.
I am not being argumentative, perhaps explaining more additional details regarding the use case for this request, will be help everyone to provide better responses.
11-13-2019 03:09 PM
Hello,
I do not think that is possible. However you can just have a policy that explicitly denies the application.
Regards,
11-13-2019 03:16 PM
Ill toss in that configuring ICMP error in Zone Protection can help limit the use of Trace-route.
11-14-2019 07:30 AM
I want to consider that if an IP make traceroute, this is the first step to do other bad activities on my infrastructure so I want to block it (and not deny) before it can attempt to infiltrate in my network.
11-14-2019 07:42 AM
Hello,
While I agree this could be a start to bad things, its a common tool used by many different engineers. I high caution you against a block-ip approach as this will block legit traffic to/from a good host because someone ran a command.
Just a deny rule is much better in this case.
Regards,
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!