R2511-HP MSR Router Series Security Command Reference(V5)
487
If you delete an entry blacklisted by scanning attack protection shortly after the entry is added (within 1 second), the system does not add the entry again. This is because the system considers the subsequent packets matching the entry to be part of the same attack.
Examples
# Enable scanning attack protection.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense scan enable
# Set the connection rate threshold for triggering scanning attack protection to 2000 connections per second.
[Sysname-attack-defense-policy-1] defense scan max-rate 2000
# Enable the blacklist function for scanning attack protection, and specify the blacklist entry aging time as 20 minutes.
[Sysname-attack-defense-policy-1] defense scan add-to-blacklist
[Sysname-attack-defense-policy-1] defense scan blacklist-timeout 20
[Sysname-attack-defense-policy-1] quit
# Enable the blacklist function globally to make the blacklist function for scanning attack protection take effect.
[Sysname] blacklist enable
Related commands
• blacklist enable
• defense scan blacklist-timeout
• defense scan enable
• defense scan max-rate
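The following Python model is added here as an illustration and is not HP or Comware code. It ties together the settings used in the example above (defense scan max-rate, defense scan add-to-blacklist, defense scan blacklist-timeout and the global blacklist enable) and the rule that an entry deleted within 1 second of being added is not re-added. Two details are assumptions, since the page does not specify them: the connection rate is measured over a sliding one-second window, and a suppressed source becomes eligible for blacklisting again once it has been quiet for a full second (the attack is treated as over). Timestamps are passed in explicitly, in seconds, so the model runs deterministically on the constructed traffic in run_scenario.

```python
from collections import defaultdict, deque


class ScanDefensePolicy:
    """Toy model of one attack-defense policy with scanning attack protection.

    Illustrative code only, not the router's implementation. Time is passed in
    explicitly (seconds) so the model runs deterministically and offline.
    Assumptions: the rate is measured over a sliding one-second window, and a
    source whose entry was deleted within 1 s of being added is not re-added
    until it has been quiet for a full second.
    """

    def __init__(self, max_rate=2000, blacklist_timeout=10,
                 add_to_blacklist=False, blacklist_enabled=False):
        self.max_rate = max_rate                    # defense scan max-rate (connections/s)
        self.blacklist_timeout = blacklist_timeout  # defense scan blacklist-timeout (minutes)
        self.add_to_blacklist = add_to_blacklist    # defense scan add-to-blacklist
        self.blacklist_enabled = blacklist_enabled  # global 'blacklist enable'
        self.windows = defaultdict(deque)           # src -> attempt times in the last second
        self.blacklist = {}                         # src -> (added_at, expires_at)
        self.suppressed = set()                     # sources not to re-add (deleted within 1 s)

    def _age_out(self, now):
        """Remove entries whose aging time has elapsed."""
        for src, (_, expires_at) in list(self.blacklist.items()):
            if now >= expires_at:
                del self.blacklist[src]

    def connection(self, src, now):
        """Process one new-connection attempt; return 'drop', 'detect' or 'forward'."""
        self._age_out(now)
        if src in self.blacklist:
            return "drop"
        win = self.windows[src]
        win.append(now)
        while win[0] <= now - 1.0:                  # keep only the last second
            win.popleft()
        if len(win) == 1:                           # quiet for a full second: a new attack
            self.suppressed.discard(src)
        if len(win) > self.max_rate:
            if (self.add_to_blacklist and self.blacklist_enabled
                    and src not in self.suppressed):
                self.blacklist[src] = (now, now + self.blacklist_timeout * 60)
            return "detect"
        return "forward"

    def delete_entry(self, src, now):
        """Operator deletes an entry; deleting within 1 s of adding suppresses re-adding."""
        added_at, _ = self.blacklist.pop(src)
        if now - added_at < 1.0:
            self.suppressed.add(src)


def run_scenario():
    """Replay constructed traffic against the page's example settings and report what happened."""
    policy = ScanDefensePolicy(max_rate=2000, blacklist_timeout=20,
                               add_to_blacklist=True, blacklist_enabled=True)
    src = "192.0.2.10"                              # constructed source address (TEST-NET-1)
    step = 0.00025                                  # 2001 attempts spread over 0.5 s
    actions = [policy.connection(src, i * step) for i in range(2001)]
    result = {
        "first_detect_index": actions.index("detect"),      # the 2001st attempt exceeds 2000/s
        "blacklisted_on_detect": src in policy.blacklist,
        "while_blacklisted": policy.connection(src, 0.6),   # dropped by the blacklist entry
    }
    # Entry deleted only 0.2 s after it was added: detection repeats, entry is not re-added.
    policy.delete_entry(src, 0.7)
    result["after_early_delete"] = policy.connection(src, 0.8)
    result["readded_early"] = src in policy.blacklist
    # The source goes quiet, then scans again: this is a new attack and is blacklisted.
    for i in range(2001):
        policy.connection(src, 5.0 + i * step)
    result["readded_later"] = src in policy.blacklist
    # 20 minutes (1200 s) after that entry was added it ages out; traffic is forwarded again.
    result["after_timeout"] = policy.connection(src, 5.5 + 1200.0 + 1.0)
    # Without the global 'blacklist enable', the scan is detected but nothing is blacklisted.
    local_only = ScanDefensePolicy(max_rate=2000, blacklist_timeout=20,
                                   add_to_blacklist=True, blacklist_enabled=False)
    local_actions = [local_only.connection(src, i * step) for i in range(2001)]
    result["detected_without_global_enable"] = local_actions[-1]
    result["blacklisted_without_global_enable"] = src in local_only.blacklist
    return result


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The scenario reproduces the three behaviours a practitioner needs to keep in mind when tuning this policy: the blacklist entry only takes effect when blacklist enable is set globally, a manual deletion inside the first second leaves the source unblocked for the remainder of that attack, and after the aging time the source is forwarded again until it exceeds max-rate once more.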
defense scan blacklist-timeout
Use defense scan blacklist-timeout to specify the aging time for entries blacklisted by scanning attack protection.
Use undo defense scan blacklist-timeout to restore the default, which is 10 minutes.
Syntax
defense scan blacklist-timeout minutes
undo defense scan blacklist-timeout
Views
Attack protection policy view
Default command level
2: System level
Parameters
minutes: Specifies the aging time of blacklist entries, in the range of 1 to 1000 minutes.
Examples
# Set the aging time for entries blacklisted by the scanning attack protection function to 20 minutes.
<Sysname> system-view