Ip Blacklist Configuration Example - HPE FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Security command reference (881 pages) ,
- Network management and monitoring command reference (423 pages) ,
- Configuration manual (407 pages)
Table of Contents
Advertisement
DNS flood
HTTP flood
Flood attack defense for protected IP addresses:
Address
10.1.1.2
# Verify that the attack detection and prevention takes effect on GigabitEthernet 1/0/2.
[Device] display attack-defense statistics interface gigabitethernet 1/0/2
Attack policy name: a1
Scan attack defense statistics:
AttackType
Port scan
IP sweep
Distribute port scan
Flood attack defense statistics:
AttackType
SYN flood
Signature attack defense statistics:
AttackType
Smurf
# Verify that the IPv4 blacklist feature collaborates with the scanning attack detection.
[Device] display blacklist ip
IP address
5.5.5.5
IP blacklist configuration example
Network requirements
As shown in
attacker Host D permanently and from Host C for 50 minutes.
Figure 127 Network diagram
Host A
Host C
192.168.1.4/16
Configuration procedure
# Configure IP addresses for the interfaces on the device. (Details not shown.)
# Enable the global blacklist feature.
<Device> system-view
[Device] blacklist global enable
1000(default)
1000(default)
VPN instance Flood type
--
VPN instance
--
Figure
127, configure the IP blacklist feature on the device to block packets from the
Host B
Device
GE1/0/1
192.168.1.1/16
-
-
SYN-FLOOD
AttackTimes Dropped
2
0
3
0
1
0
AttackTimes Dropped
1
5000
AttackTimes Dropped
1
0
DS-Lite tunnel peer
--
GE1/0/2
202.1.0.1/16
493
53
Disabled
80
Disabled
Thres(pps) Actions Ports
5000
L,D
Type
TTL(sec) Dropped
Dynamic 600
353452
Attacker
Internet
Host D
5.5.5.5/24
-
Advertisement
Table of Contents
Troubleshooting
