User blacklist
The user blacklist feature is an attack prevention method that filters packets whose source users match
blacklist entries. Compared with IP blacklist filtering, user blacklist filtering performs access control at
the user level rather than the IP address level, which makes the filtering easier to manage.
The user blacklist feature must be used together with the user identification feature. User
identification provides the mappings between usernames and IP addresses for the user blacklist. For
more information about user identification, see "Configuring user identification."
Attack detection and prevention configuration task list
Tasks at a glance
(Required.) Configuring an attack defense policy:
  • (Required.) Creating an attack defense policy
  • (Required.) Perform at least one of the following tasks to configure attack detection:
      Configuring a single-packet attack defense policy
      Configuring a scanning attack defense policy
      Configuring a flood attack defense policy
  • (Optional.) Configuring attack detection exemption
(Required.) Perform at least one of the following tasks to apply an attack defense policy:
  • Applying an attack defense policy to an interface
  • Applying an attack defense policy to the device
(Optional.) Enabling log non-aggregation for single-packet attack events
(Optional.) Configuring TCP fragment attack prevention
(Optional.) Configuring the IP blacklist feature
(Optional.) Configuring the user blacklist feature
(Optional.) Configuring login attack prevention
(Optional.) Enabling the login delay
Configuring an attack defense policy
Creating an attack defense policy
An attack defense policy can contain a set of attack detection and prevention configurations against
multiple attacks.
To create an attack defense policy:
Step                                                Command                               Remarks
1. Enter system view.                               system-view                           N/A
2. Create an attack defense policy and enter        attack-defense policy policy-name     By default, no attack defense policy exists.
   its view.