HP 3600 v2 Series Security Configuration Manual: Blacklist Configuration

Blacklist configuration

Blacklist overview

The blacklist feature is an attack prevention mechanism that filters packets based on their source IP address.
Compared with ACL-based packet filtering, the blacklist feature is easier to configure and faster at filtering
packets sourced from particular IP addresses.
The device can add and remove blacklist entries dynamically by cooperating with the login user
authentication feature. When the device detects that a user has tried to log in through FTP, Telnet, SSH, SSL, or
the web interface a specific number of times and failed every time, it considers the user invalid and
automatically blacklists the user's IP address so that subsequent packets sourced from that address are filtered.
This effectively prevents attackers from cracking passwords by repeatedly trying to log in. Because the entry is
keyed on the source IP address, every host that shares that address (for example, behind NAT) is filtered together
for as long as the entry exists.
The device always uses a login failure threshold of 6 and an aging time of 10 minutes for dynamic blacklist
entries. Neither setting is configurable. Login failure reasons include a wrong username, a wrong password,
and a wrong verification code (for web users).
The device also supports adding and removing blacklist entries manually. Manually configured blacklist
entries fall into two categories: permanent and non-permanent. A permanent blacklist entry remains until
it is removed manually, whereas a non-permanent blacklist entry has a lifetime that you set when you
configure it. When the lifetime of a non-permanent entry expires, the device removes the entry from the
blacklist and again allows packets from the IP address defined by the entry to pass through.

Configuring the blacklist feature

Follow these steps to configure the blacklist feature:

1. Enter system view.
   Use the command: system-view

2. Enable the blacklist feature.
   Use the command: blacklist enable
   Remarks: Required. Disabled by default.

3. Add a blacklist entry.
   Use the command: blacklist ip source-ip-address [ timeout minutes ]
   Remarks: Optional. To add a permanent entry, do not specify the timeout minutes option.

Displaying and maintaining the blacklist

Display blacklist information.
   Use the command: display blacklist { all | ip source-ip-address [ slot slot-number ] | slot slot-number } [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.
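The configuration and display procedures above, as one added example CLI session that is not from the manual: the hostname Sysname, the two addresses and the 30-minute timeout are assumptions, and the undo form used for removal is the standard Comware negation rather than a command listed on this page.

```text
# Added example, not from the manual. "Sysname" and the addresses are assumed.
<Sysname> system-view
[Sysname] blacklist enable
# Permanent entry: no timeout, so it stays until removed manually.
[Sysname] blacklist ip 192.0.2.10
# Non-permanent entry: the device deletes it after 30 minutes.
[Sysname] blacklist ip 198.51.100.7 timeout 30
# display blacklist is available in any view, so it works from system view as well.
[Sysname] display blacklist all
[Sysname] display blacklist ip 198.51.100.7
# Removal uses the usual Comware "undo" form (an assumption; this page does not list it).
[Sysname] undo blacklist ip 198.51.100.7
[Sysname] quit
# Back in user view; display still works here.
<Sysname> display blacklist all
```

Test a new entry from a host you can afford to lose: the entry is keyed on source address, so a blacklisted management station stays cut off until the entry times out or is removed from another session or the console. The slot form of display blacklist narrows the output to a single slot; the all form is the one to use when checking whether a dynamic entry was created after repeated login failures.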

This manual is also suitable for: A3100-48 v2