Defense Scan Add-To-Blacklist - HPE FlexNetwork HSR6800 Security Command Reference


defense scan add-to-blacklist

Use defense scan add-to-blacklist to enable the blacklist function for scanning attack protection.
Use undo defense scan add-to-blacklist to restore the default.
Syntax
defense scan add-to-blacklist
undo defense scan add-to-blacklist
Default
The blacklist function for scanning attack protection is not enabled.
Views
Attack protection policy view
Default command level
2: System level
Usage guidelines
With scanning attack protection enabled, the device checks the connection rate of each source IP address. If the connection rate of an IP address reaches or exceeds the threshold (set by the defense scan max-rate command), the device considers the IP address a scanning attack source and drops subsequent packets from that address until the rate falls below the threshold. If the blacklist function for scanning attack protection is also enabled, the device additionally adds the source IP address to the blacklist, which then filters packets from that address until the blacklist entry ages out (the aging time is set by the defense scan blacklist-timeout command).
The blacklist entries added by scanning attack protection take effect only after you enable the blacklist function for the device with the blacklist enable command.
If you delete an entry blacklisted by scanning attack protection shortly after the entry is added (within 1 second), the system does not add the entry again, because it considers the subsequent packets matching the entry to be part of the same attack.
Examples
# Enable scanning attack protection.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense scan enable
# Set the connection rate threshold for triggering scanning attack protection to 2000 connections per
second.
[Sysname-attack-defense-policy-1] defense scan max-rate 2000
# Enable the blacklist function for scanning attack protection, and specify the blacklist entry aging
time as 20 minutes.
[Sysname-attack-defense-policy-1] defense scan add-to-blacklist
[Sysname-attack-defense-policy-1] defense scan blacklist-timeout 20
[Sysname-attack-defense-policy-1] quit
# Enable the blacklist function globally to make the blacklist function for scanning attack protection
take effect.
[Sysname] blacklist enable
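The following Python model is an added example, not code from HPE or from the device. It reproduces the behaviour described in the usage guidelines (a per-source connection-rate threshold, dropping while the rate is at or above the threshold, optional blacklisting with an aging time, no re-add after an entry is deleted within 1 second of being added, and blacklist entries filtering only once blacklist enable is configured) over a constructed stream of connection attempts, using the values from the configuration above (max-rate 2000, timeout 20 minutes). Two details are assumptions rather than statements on the page: the rate is measured over a 1-second sliding window, and a source whose entry was deleted within 1 second is eligible for blacklisting again only after its rate has dropped below the threshold.

```python
"""Behavioural model of scanning attack protection with blacklisting.

Added example, not HPE code. Assumptions not stated on the page: a 1-second
sliding window measures the connection rate, and a source whose entry was
deleted within 1 s of the add is re-added only after its rate drops below
the threshold (the current attack is considered over).
"""
from collections import defaultdict, deque


class ScanDefense:
    """Per-source-IP connection-rate check with an optional blacklist."""

    def __init__(self, max_rate, add_to_blacklist=False,
                 blacklist_timeout_min=20, blacklist_enable=False):
        self.max_rate = max_rate                    # defense scan max-rate
        self.add_to_blacklist = add_to_blacklist    # defense scan add-to-blacklist
        self.timeout = blacklist_timeout_min * 60   # defense scan blacklist-timeout (minutes)
        self.blacklist_enable = blacklist_enable    # blacklist enable (system view)
        self.window = defaultdict(deque)  # src -> connection timestamps in the last second
        self.blacklist = {}               # src -> expiry time (seconds)
        self.added_at = {}                # src -> time the entry was added
        self.suppressed = set()           # sources not re-added during the current attack

    def _age_out(self, now):
        """Remove blacklist entries whose aging time has elapsed."""
        for src in [s for s, expiry in self.blacklist.items() if expiry <= now]:
            del self.blacklist[src]

    def _rate(self, src, now):
        """Connections from src within the assumed 1-second window, including this one."""
        q = self.window[src]
        q.append(now)
        while q and q[0] <= now - 1.0:
            q.popleft()
        return len(q)

    def on_connection(self, src, now):
        """Return 'drop' or 'forward' for a new connection from src at time now."""
        self._age_out(now)
        # Blacklist entries filter traffic only once 'blacklist enable' is configured.
        if self.blacklist_enable and src in self.blacklist:
            return "drop"
        if self._rate(src, now) < self.max_rate:
            self.suppressed.discard(src)   # rate back below threshold: attack is over
            return "forward"
        # Threshold reached or exceeded: src is treated as a scanning attack source.
        if (self.add_to_blacklist and src not in self.blacklist
                and src not in self.suppressed):
            self.blacklist[src] = now + self.timeout
            self.added_at[src] = now
        return "drop"

    def delete_entry(self, src, now):
        """Manually delete a blacklist entry, as an operator would on the device."""
        if self.blacklist.pop(src, None) is not None and now - self.added_at[src] < 1.0:
            self.suppressed.add(src)   # deleted within 1 s of the add: not re-added


def demo():
    """Run the page's configuration (max-rate 2000, timeout 20 min) against a burst."""
    d = ScanDefense(max_rate=2000, add_to_blacklist=True,
                    blacklist_timeout_min=20, blacklist_enable=True)
    # Constructed input: 2500 connection attempts from one host within 0.5 s.
    decisions = [d.on_connection("198.51.100.7", i * 0.0002) for i in range(2500)]
    return decisions.count("forward"), decisions.count("drop"), sorted(d.blacklist)


if __name__ == "__main__":
    print(demo())   # (1999, 501, ['198.51.100.7'])
```

The first 1999 attempts are forwarded, the 2000th reaches the threshold and is dropped while the host is blacklisted, and every later attempt is filtered by the blacklist entry for the next 20 minutes regardless of the current rate. With blacklist_enable left False the entry is still created but filters nothing, which is the caveat the usage guidelines make about blacklist enable.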
Related commands
blacklist enable
defense scan blacklist-timeout