H3C Technologies H3C SecPath F1000-E User Manual, Page 11

Item          Description
Permanence    Configure the entry to be a permanent one.
Viewing the blacklist
From the navigation tree, select Intrusion Detection > Blacklist to enter the blacklist management page,
where you can view the blacklist information, as shown in Figure 1. Table 2 describes the blacklist fields.
Table 2 Field description
Field            Description
IP Address       Blacklisted IP address.
Add Method       Type of the blacklist entry. Possible values include:
                 Auto—Added by the scanning detection feature automatically.
                 Manual—Added manually or modified manually.
                 IMPORTANT: Once modified manually, an auto entry becomes a manual one.
Start Time       Time when the blacklist entry is added.
Hold Time        Lifetime of the blacklist entry.
Dropped Count    Number of packets dropped based on the blacklist entry.
Blacklist configuration example
Network requirements
As shown in Figure 3, the internal network is the trusted zone and the external network is the untrusted
zone. Configure SecPath to do the following tasks:
• Block packets from Host D forever (suppose that Host D is an attack source).
• Block packets from Host C for 50 minutes, so as to control access of the host.
• Perform scanning detection for traffic from the untrusted zone and, upon detecting a scanning attack, blacklist the source. The scanning threshold is 4500 connections per second.
Figure 3 Network diagram (labels: Host A, Host B; Host C 192.168.1.5/16; SecPath GE0/2 192.168.1.1/16 and GE0/1 202.1.0.1/16; zones Trust and Untrust; Internet; Host D 5.5.5.5/24)
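A small Python model of the blacklist behaviour described on this page (Add Method, Hold Time, Dropped Count and scan-triggered auto entries), added here as an illustration; it is not H3C code or the device's implementation. The class and field names, the one-second sliding window, the "exceeds the threshold" trigger and the 600-second hold time for auto entries are assumptions, because the page does not specify them.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

SCAN_THRESHOLD = 4500   # connections per second, from the configuration example
AUTO_HOLD = 600.0       # assumption: the page gives no hold time for auto entries

@dataclass
class Entry:
    add_method: str              # "Auto" or "Manual"
    start_time: float            # seconds
    hold_time: Optional[float]   # lifetime in seconds; None = permanent
    dropped: int = 0

class Blacklist:
    def __init__(self):
        self.entries = {}                  # source IP -> Entry
        self.recent = defaultdict(deque)   # source IP -> recent connection times

    def add_manual(self, ip, now, hold_time=None):
        # Adding or modifying by hand always yields a Manual entry, even when
        # an Auto entry exists (assumption: the dropped counter is kept).
        old = self.entries.get(ip)
        self.entries[ip] = Entry("Manual", now, hold_time, old.dropped if old else 0)

    def _active(self, ip, now):
        e = self.entries.get(ip)
        if e and e.hold_time is not None and now >= e.start_time + e.hold_time:
            del self.entries[ip]           # hold time over: the entry ages out
            return None
        return e

    def connection(self, ip, now, untrusted=True):
        """Return True if the connection is forwarded, False if it is dropped."""
        e = self._active(ip, now)
        if e:
            e.dropped += 1
            return False
        if untrusted:                      # scanning detection: untrusted zone only
            window = self.recent[ip]
            window.append(now)
            while window[0] <= now - 1.0:  # keep only the last second
                window.popleft()
            if len(window) > SCAN_THRESHOLD:
                self.entries[ip] = Entry("Auto", now, AUTO_HOLD)
                window.clear()
                return False
        return True
```

In this model, `add_manual("5.5.5.5", now)` with no hold time corresponds to the permanent Host D entry, and `hold_time=3000` corresponds to the 50-minute Host C entry.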