HP VPN Firewall Appliances Attack Protection Configuration Guide
29
Field          Description
Add Method     Type of the blacklist entry. Possible values include:
               • Auto—Added by the scanning detection feature automatically.
               • Manual—Added manually or modified manually.
               IMPORTANT: Once modified manually, an auto entry becomes a manual one.
Start Time     Time when the blacklist entry is added.
Hold Time      Lifetime of the blacklist entry.
Dropped Count  Number of packets dropped based on the blacklist entry.
Blacklist configuration example
Network requirements
As shown in Figure 35, the internal network is the trusted zone and the external network is the untrusted zone.
Configure the firewall to meet the following requirements:
• Block packets from Host D forever (it is assumed that Host D is an attack source).
• Block packets from Host C within 50 minutes, so as to control access of the host.
• Perform scanning detection for traffic from the untrusted zone and, upon detecting a scanning attack, blacklist the source. The scanning threshold is 4500 connections per second.
Figure 35 Network diagram
Configuring the firewall
1. Assign IP addresses and security zones to the interfaces. (Details not shown.)
2. Enable the blacklist feature:
a. From the navigation tree, select Intrusion Detection > Blacklist.
b. The blacklist management page appears, as shown in Figure 36.
c. In the Global Configuration area, select Enable Blacklist, and click Apply.
d. Click Apply.
Figure 35 (network diagram; image not available, labels only): Firewall with GE0/2 192.168.1.1/16 in the Trust zone and GE0/1 202.1.0.1/16 in the Untrust zone; Host A, Host B, and Host C (192.168.1.5/16) on the trusted side; the Internet and Host D (5.5.5.5/24) on the untrusted side.
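To make the blacklist entry fields and the example requirements concrete, the following is an added Python model of the behaviour this page describes (written for this edit; it is not HP code and not the appliance's actual implementation). The simulated clock, the hold time given to auto entries, and the "at or above threshold" trigger are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional

SCAN_THRESHOLD_CPS = 4500  # scanning threshold from the example requirements

@dataclass
class BlacklistEntry:
    """One row of the blacklist table: Add Method, Start Time, Hold Time, Dropped Count."""
    src_ip: str
    add_method: str             # "Auto" (scanning detection) or "Manual"
    start_time: float           # simulated clock, in seconds (assumption)
    hold_time: Optional[float]  # lifetime in seconds; None means block forever
    dropped_count: int = 0

    def expired(self, now: float) -> bool:
        return self.hold_time is not None and now >= self.start_time + self.hold_time

class Blacklist:
    def __init__(self) -> None:
        self.entries: Dict[str, BlacklistEntry] = {}

    def add_manual(self, src_ip: str, now: float, hold_minutes: Optional[int] = None) -> None:
        hold = None if hold_minutes is None else hold_minutes * 60
        self.entries[src_ip] = BlacklistEntry(src_ip, "Manual", now, hold)

    def modify(self, src_ip: str, hold_minutes: Optional[int]) -> None:
        # Per the IMPORTANT note: any manual modification turns an Auto entry into a Manual one.
        entry = self.entries[src_ip]
        entry.add_method = "Manual"
        entry.hold_time = None if hold_minutes is None else hold_minutes * 60

    def scan_detect(self, src_ip: str, conns_per_sec: int, now: float, hold_minutes: int) -> bool:
        # Scanning detection: a source at or above the threshold is blacklisted automatically
        # (the auto-entry hold time is an assumed parameter; the page does not give it).
        if conns_per_sec >= SCAN_THRESHOLD_CPS and src_ip not in self.entries:
            self.entries[src_ip] = BlacklistEntry(src_ip, "Auto", now, hold_minutes * 60)
            return True
        return False

    def filter_packet(self, src_ip: str, now: float) -> bool:
        # True if the packet is dropped; an expired entry is purged and no longer blocks.
        entry = self.entries.get(src_ip)
        if entry is None:
            return False
        if entry.expired(now):
            del self.entries[src_ip]
            return False
        entry.dropped_count += 1
        return True
```

With Host D (5.5.5.5) added without a hold time and Host C (192.168.1.5) with 50 minutes, Host D stays blocked indefinitely while Host C's entry stops matching once the clock passes 50 minutes.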