R3721-F3210-F3171-HP High-End Firewalls Attack Protection Configuration Guide-6PW101

Viewing the blacklist
From the navigation tree, select Intrusion Detection > Blacklist to enter the blacklist management page, where you can view the blacklist information, as shown in Figure 1. Table 2 describes the blacklist fields.
Table 2 Field description
Field           Description
IP Address      Blacklisted IP address
Add Method      Type of the blacklist entry. Possible values include:
                Auto—Added by the scanning detection feature automatically.
                Manual—Added manually or modified manually.
                IMPORTANT: Once modified manually, an auto entry becomes a manual one.
Start Time      Time when the blacklist entry is added.
Hold Time       Lifetime of the blacklist entry
Dropped Count   Number of packets dropped based on the blacklist entry
Blacklist configuration example
Network requirements
As shown in Figure 3, the internal network is the trusted zone and the external network is the untrusted zone. Configure Firewall to do the following tasks:
• Block packets from Host D forever (suppose that Host D is an attack source).
• Block packets from Host C for 50 minutes, so as to control access of the host.
• Perform scanning detection for traffic from the untrusted zone and, upon detecting a scanning attack, blacklist the source. The scanning threshold is 4500 connections per second.
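The entry behaviour described in Table 2 and in the requirements above, modelled in Python as an added illustration (this is not HP code and not how the firewall is implemented). The per-source one-second counting window, the 600-second hold time for auto entries, and the scanner address 203.0.113.9 are assumptions made for the example.

```python
from collections import defaultdict, deque

FOREVER = None  # hold time of a permanent entry

class Blacklist:
    def __init__(self, scan_threshold=4500, auto_hold=600):
        self.scan_threshold = scan_threshold  # connections per second, per source
        self.auto_hold = auto_hold            # seconds; assumed, not from the guide
        self.entries = {}                     # ip -> the Table 2 fields
        self.recent = defaultdict(deque)      # ip -> recent connection timestamps

    def _add(self, ip, method, now, hold):
        self.entries[ip] = {"add_method": method, "start_time": now,
                            "hold_time": hold, "dropped": 0}

    def add_manual(self, ip, now, hold=FOREVER):
        self._add(ip, "Manual", now, hold)

    def modify(self, ip, hold):
        e = self.entries[ip]  # a manually modified Auto entry becomes Manual
        e["hold_time"], e["add_method"] = hold, "Manual"

    def new_connection(self, ip, now):
        """Scanning detection: count connections from ip in the last second."""
        window = self.recent[ip]
        window.append(now)
        while window and now - window[0] >= 1.0:
            window.popleft()
        if len(window) > self.scan_threshold and ip not in self.entries:
            self._add(ip, "Auto", now, self.auto_hold)

    def permits(self, ip, now):
        """Return False and count the drop if ip has a live blacklist entry."""
        e = self.entries.get(ip)
        if e is None:
            return True
        if e["hold_time"] is not FOREVER and now - e["start_time"] >= e["hold_time"]:
            del self.entries[ip]  # hold time elapsed, entry aged out
            return True
        e["dropped"] += 1
        return False

def demo():
    bl = Blacklist()
    bl.add_manual("5.5.5.5", now=0)                    # Host D, forever
    bl.add_manual("192.168.1.5", now=0, hold=50 * 60)  # Host C, 50 minutes
    for i in range(4501):                              # constructed scan burst
        bl.new_connection("203.0.113.9", now=10 + i / 10000)
    return bl
```
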
Figure 3 Network diagram
Configuration procedure
1. Assign IP addresses to the interfaces. (Details not shown.)
2. Select Intrusion Detection > Blacklist from the navigation tree.
The blacklist management page appears.
[Figure 3 labels (diagram not reproduced): Firewall with GE0/2 192.168.1.1/16 and GE0/1 202.1.0.1/16; zones Trust and Untrust; Host A; Host B; Host C 192.168.1.5/16; Internet; Host D 5.5.5.5/24]