We've got a virus infection and it keeps reinstalling a remote management tool. I've used some monitoring tools and can see it's trying to communicate with the public IP 123.119.253.199. I assumed I'd be able to block this by putting in:
access-list in2out deny ip any host 123.119.253.199
access-list in2out permit ip any any
access-list in2out permit icmp any any
access-group in2out in interface inside
I thought the above lines would resolve it, but I can still see the virus communicating with that IP address both in and outbound.
Anybody have any ideas what I've missed?