Viewing the blacklist, Blacklist configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

3

Return to

Blacklist configuration task list

.

Viewing the Blacklist

From the navigation tree, select Intrusion Detection > Blacklist to enter the blacklist management
page, where you can view the blacklist information, as shown in

Figure 1

.

Table 3

describes the blacklist fields.

Table 3 Blacklist fields

Item Description

IP Address

Blacklisted IP address

Add Method

Type of the blacklist entry, which can be:

•

Auto: Added by the scanning detection feature automatically.

•

Manual: Added manually or modified manually.

IMPORTANT:

Once modified manually, an auto entry becomes a manual one.

Start Time

Time when the blacklist entry is added.

Hold Time

Lifetime of the blacklist entry

Dropped Count

Number of packets dropped based on the blacklist entry

Return to

Blacklist configuration task list

.

Blacklist Configuration Example

Network requirements

As shown in

Figure 3

, the internal network is the trusted zone and the external network is the untrusted

zone. Configure the device so that:

•

The device blocks packets from Host D forever. (It is assumed that Host D is an attack source.)

•

The device blocks packets from Host C within 50 minutes, so as to control access of the host.

•

The device performs scanning detection for traffic from the untrusted zone and, upon detecting a
scanning attack, blacklists the source. The scanning threshold is 4500 connections per second.

Figure 3 Network diagram for blacklist configuration