Blacklist configuration example, Network requirements, Configuring the LB product – H3C Technologies H3C SecBlade LB Cards User Manual
239
Field          Description
Add Method     Type of the blacklist entry. Possible values include:
               • Auto—Added by the scanning detection feature automatically.
               • Manual—Added manually or modified manually.
               IMPORTANT: Once modified manually, an auto entry becomes a manual one.
Start Time     Time when the blacklist entry is added.
Hold Time      Lifetime of the blacklist entry.
Dropped Count  Number of packets dropped based on the blacklist entry.
Blacklist configuration example
Network requirements
As shown in Figure 135, the internal network is the trusted zone and the external network is the untrusted zone.
Configure the LB product to satisfy the following requirements:
• Block packets from Host D forever (it is assumed that Host D is an attack source).
• Block packets from Host C within 50 minutes, so as to control access of the host.
• Perform scanning detection for traffic from the untrusted zone and, upon detecting a scanning attack, blacklist the source. The scanning threshold is 4500 connections per second.
Figure 135 Network diagram
Configuring the LB product
1. Assign IP addresses and security zones to the interfaces. (Details not shown.)
2. Enable the blacklist feature:
   a. From the navigation tree, select Security > Intrusion Detection > Blacklist. The blacklist management page appears, as shown in .
   b. In the Global Configuration area, select Enable Blacklist, and click Apply.
   c. Click Apply.
Figure 135 labels (diagram not reproduced): Host A, Host B and Host C (192.168.1.5/16) on the internal side, attached to LB interface GE0/2 (192.168.1.1/16, zone Trust); LB interface GE0/1 (202.1.0.1/16, zone Untrust) faces the Internet and Host D (5.5.5.5/24).
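The following Python model is an added example, not H3C code and not a reproduction of the LB product's implementation. It replays the three requirements above against constructed traffic so that the field semantics from the table (Add Method, Start Time, Hold Time, Dropped Count, and the rule that a manually edited Auto entry becomes Manual) can be checked end to end. Assumptions not stated on the page: auto entries get a 10-minute hold time (AUTO_HOLD_MINUTES), "threshold" means more than 4500 new connections from one source within a one-second window, and the scanning source 203.0.113.9 is a constructed documentation address.

```python
"""Model of the LB blacklist semantics described on this page (added example)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

AUTO_HOLD_MINUTES = 10  # assumed hold time for Auto entries; the page does not state it


@dataclass
class BlacklistEntry:
    ip: str
    add_method: str            # "Auto" (scanning detection) or "Manual"
    start_time: float          # simulated clock, in seconds
    hold_time: Optional[int]   # minutes; None = never expires ("forever")
    dropped_count: int = 0

    def expired(self, now: float) -> bool:
        return self.hold_time is not None and now >= self.start_time + self.hold_time * 60


class Blacklist:
    def __init__(self, scan_threshold_cps: int = 4500) -> None:
        self.enabled = False
        self.entries: Dict[str, BlacklistEntry] = {}
        self.scan_threshold = scan_threshold_cps
        # per-source count of new connections in the current one-second window
        self._window: Dict[str, Tuple[int, int]] = {}

    def add_manual(self, ip: str, now: float, hold_time: Optional[int] = None) -> BlacklistEntry:
        """Add an entry by hand; editing an existing Auto entry turns it into Manual."""
        entry = self.entries.get(ip)
        if entry is None:
            entry = self.entries[ip] = BlacklistEntry(ip, "Manual", now, hold_time)
        else:
            entry.add_method, entry.start_time, entry.hold_time = "Manual", now, hold_time
        return entry

    def _add_auto(self, ip: str, now: float) -> BlacklistEntry:
        return self.entries.setdefault(ip, BlacklistEntry(ip, "Auto", now, AUTO_HOLD_MINUTES))

    def observe(self, ip: str, zone: str, now: float, new_connection: bool = True) -> str:
        """Apply the blacklist to one packet from `ip`; returns "drop" or "forward"."""
        if not self.enabled:
            return "forward"
        entry = self.entries.get(ip)
        if entry is not None and entry.expired(now):
            del self.entries[ip]            # hold time elapsed: the entry is aged out
            entry = None
        if entry is None and zone == "Untrust" and new_connection:
            second = int(now)
            last_second, count = self._window.get(ip, (second, 0))
            count = count + 1 if last_second == second else 1
            self._window[ip] = (second, count)
            if count > self.scan_threshold:  # assumed: strictly above 4500/s is a scan
                entry = self._add_auto(ip, now)
        if entry is None:
            return "forward"
        entry.dropped_count += 1
        return "drop"


def run_scenario() -> dict:
    """Replay the page's requirements against constructed traffic (all traffic is constructed)."""
    bl = Blacklist(scan_threshold_cps=4500)
    bl.enabled = True                                     # step 2: Enable Blacklist
    bl.add_manual("5.5.5.5", now=0.0)                     # Host D: blocked forever
    bl.add_manual("192.168.1.5", now=0.0, hold_time=50)   # Host C: blocked for 50 minutes

    host_d = [bl.observe("5.5.5.5", "Untrust", now=t) for t in (1.0, 2.0, 3.0)]
    host_c_early = bl.observe("192.168.1.5", "Trust", now=10.0)
    host_c_late = bl.observe("192.168.1.5", "Trust", now=50 * 60 + 1.0)

    # Constructed scanner in the Untrust zone: 4501 new connections within one second
    scanner = "203.0.113.9"
    verdicts = [bl.observe(scanner, "Untrust", now=100.0) for _ in range(4501)]
    method_after_scan = bl.entries[scanner].add_method
    for t in range(101, 106):                             # five more packets, all dropped
        bl.observe(scanner, "Untrust", now=float(t))
    bl.add_manual(scanner, now=106.0, hold_time=None)     # operator edits the Auto entry

    return {
        "host_d": host_d,
        "host_d_dropped": bl.entries["5.5.5.5"].dropped_count,
        "host_c_early": host_c_early,
        "host_c_late": host_c_late,
        "host_c_still_listed": "192.168.1.5" in bl.entries,
        "scanner_forwarded": verdicts.count("forward"),
        "scanner_method_after_scan": method_after_scan,
        "scanner_method_after_edit": bl.entries[scanner].add_method,
        "scanner_dropped": bl.entries[scanner].dropped_count,
    }


if __name__ == "__main__":
    print(run_scenario())
```

Running the module prints the scenario summary: Host D is dropped on every packet, Host C is dropped at 10 s but forwarded (and removed from the list) once its 50-minute hold time has elapsed, and the scanner is forwarded for exactly 4500 connections before the 4501st creates an Auto entry that later becomes Manual when edited.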