Example: Configuring IP blacklist
Network configuration
As shown in Figure 149, configure the IP blacklist feature on the router to block packets from the attacker Host D permanently and from Host C for 50 minutes.
Figure 149: Network diagram
Procedure
# Configure IP addresses for the interfaces on the router. (Details not shown.)
# Enable the global blacklist feature.
<Router> system-view
[Router] blacklist global enable
# Add an IPv4 blacklist entry for Host D.
[Router] blacklist ip 5.5.5.5
# Add an IPv4 blacklist entry for Host C and set the blacklist entry aging time to 50 minutes.
[Router] blacklist ip 192.168.1.4 timeout 50
Verifying the configuration
# Verify that the IPv4 blacklist entries are successfully added.
<Router> display blacklist ip
IP address      VPN instance   DS-Lite tunnel peer  Type    TTL(sec) Dropped
5.5.5.5         --             --                   Manual  Never    0
192.168.1.4     --             --                   Manual  2989     0
# Verify that the router drops packets from Host D. (Details not shown.)
# Execute the undo blacklist ip 5.5.5.5 command and verify that the router forwards packets from Host D. (Details not shown.)
# Verify that the router drops packets from Host C for 50 minutes and forwards packets from Host C after 50 minutes. (Details not shown.)
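The verification steps above can be scripted. The following is an added example, not part of the vendor documentation: it parses captured display blacklist ip output and checks that Host D's entry is permanent and that Host C's remaining TTL does not exceed the 50-minute aging time. It assumes each data row has six whitespace-separated fields as in the output shown; parse_blacklist, audit and EXPECTED are names chosen for this example.

```python
import ipaddress

# Constructed sample: the display output shown on this page.
SAMPLE = """\
IP address      VPN instance   DS-Lite tunnel peer  Type    TTL(sec) Dropped
5.5.5.5         --             --                   Manual  Never    0
192.168.1.4     --             --                   Manual  2989     0
"""

# Intended state from this example: None = permanent, otherwise aging time in minutes.
EXPECTED = {"5.5.5.5": None, "192.168.1.4": 50}

def parse_blacklist(text):
    """Return {ip: entry}. Assumes six whitespace-separated fields per data row."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # header (multi-word column names) or blank line
        try:
            ip = str(ipaddress.ip_address(fields[0]))
            ttl = None if fields[4] == "Never" else int(fields[4])
            dropped = int(fields[5])
        except ValueError:
            continue  # not a well-formed entry row
        entries[ip] = {"type": fields[3], "ttl": ttl, "dropped": dropped}
    return entries

def audit(entries, expected):
    """Compare parsed entries with the intended state; return a list of problems."""
    problems = []
    for ip, minutes in expected.items():
        entry = entries.get(ip)
        if entry is None:
            problems.append(f"{ip}: no blacklist entry")
        elif minutes is None and entry["ttl"] is not None:
            problems.append(f"{ip}: expected permanent entry, TTL is {entry['ttl']}s")
        elif minutes is not None and entry["ttl"] is None:
            problems.append(f"{ip}: expected {minutes}-minute entry, found permanent")
        elif minutes is not None and entry["ttl"] > minutes * 60:
            problems.append(f"{ip}: TTL {entry['ttl']}s exceeds {minutes * 60}s")
    for ip in sorted(set(entries) - set(expected)):
        problems.append(f"{ip}: unexpected blacklist entry")
    return problems

if __name__ == "__main__":
    for line in audit(parse_blacklist(SAMPLE), EXPECTED) or ["blacklist matches intended state"]:
        print(line)
```

After undo blacklist ip 5.5.5.5 is executed, the same check reports the missing entry for Host D, which is the expected result for that verification step.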