Viewing the blacklist, Blacklist configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual


| Item | Description |
|---|---|
| Permanence | Configure the entry to be a permanent one. |

Viewing the blacklist

From the navigation tree, select Intrusion Detection > Blacklist to enter the blacklist management page, where you can view the blacklist information, as shown in Figure 1. Table 2 describes the blacklist fields.

Table 2 Field description

| Field | Description |
|---|---|
| IP Address | Blacklisted IP address. |
| Add Method | Type of the blacklist entry. Possible values include: Auto—Added by the scanning detection feature automatically. Manual—Added manually or modified manually. IMPORTANT: Once modified manually, an auto entry becomes a manual one. |
| Start Time | Time when the blacklist entry is added. |
| Hold Time | Lifetime of the blacklist entry. |
| Dropped Count | Number of packets dropped based on the blacklist entry. |

Blacklist configuration example

Network requirements

As shown in Figure 3, the internal network is the trusted zone and the external network is the untrusted zone. Configure SecPath to do the following tasks:

- Block packets from Host D permanently (assume that Host D is an attack source).
- Block packets from Host C for 50 minutes, so as to control access of the host.
- Perform scanning detection for traffic from the untrusted zone and, upon detecting a scanning attack, blacklist the source. The scanning threshold is 4500 connections per second.

Figure 3 Network diagram

[Figure not reproduced. Labels in the diagram: Host A, Host B, Host C (192.168.1.5/16), Host D (5.5.5.5/24), Internet, SecPath with interfaces GE0/2 (192.168.1.1/16) and GE0/1 (202.1.0.1/16), zones Trust and Untrust.]
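The following Python model is an added illustration, not H3C code or device configuration. It mirrors the Table 2 fields and the three requirements above so the entry lifecycle (permanent, timed, auto-added by scanning detection) can be traced. The class and function names, the 10-minute lifetime of Auto entries, the fixed one-second counting window, the "strictly above 4500" comparison and the dropped count surviving a manual edit are all assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

SCAN_THRESHOLD = 4500  # connections per second (from the network requirements)

@dataclass
class Entry:
    add_method: str             # "Auto" or "Manual" (Table 2)
    start_time: float           # Start Time, in seconds
    hold_time: Optional[float]  # Hold Time in seconds; None = permanent entry
    dropped: int = 0            # Dropped Count

class Blacklist:
    def __init__(self, auto_hold_minutes=10):  # assumed lifetime of Auto entries
        self.entries = {}
        self.auto_hold = auto_hold_minutes
        self.window = defaultdict(lambda: [0, 0])  # src -> [second, connections]

    def add(self, ip, now, minutes=None, method="Manual"):
        # A manual add/edit always leaves a Manual entry (assumed: count is kept).
        old = self.entries.get(ip)
        hold = None if minutes is None else minutes * 60
        self.entries[ip] = Entry(method, now, hold, old.dropped if old else 0)

    def blocked(self, ip, now):
        e = self.entries.get(ip)
        if e and e.hold_time is not None and now >= e.start_time + e.hold_time:
            del self.entries[ip]  # hold time elapsed: the entry ages out
            e = None
        return e is not None

    def packet(self, src, now, zone="Untrust", new_connection=False):  # True = forwarded
        if new_connection and zone == "Untrust" and not self.blocked(src, now):
            w = self.window[src]
            if w[0] != int(now):       # start a new one-second window
                w[0], w[1] = int(now), 0
            w[1] += 1
            if w[1] > SCAN_THRESHOLD:  # assumed: strictly above the threshold
                self.add(src, now, self.auto_hold, method="Auto")
        if self.blocked(src, now):
            self.entries[src].dropped += 1
            return False
        return True

def example_policy():
    bl = Blacklist()
    bl.add("5.5.5.5", now=0)                  # Host D: permanent entry
    bl.add("192.168.1.5", now=0, minutes=50)  # Host C: 50-minute entry
    return bl
```

When reviewing the real blacklist page, the same checks apply: permanent entries show no lifetime, timed entries disappear after their hold time, and an Auto entry that someone edits will afterwards be listed as Manual.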
