Attack Detection And Prevention Configuration Examples; Interface-Based Attack Detection And Prevention Configuration Example - HP FlexNetwork 10500 Series Security Configuration Manual


Task: Clear dynamic IPv4 blacklist entries.
Command: reset blacklist ip { source-ip-address [ vpn-instance vpn-instance-name ] [ ds-lite-peer ds-lite-peer-address ] | all }

Task: Clear dynamic IPv6 blacklist entries.
Command: reset blacklist ipv6 { source-ipv6-address [ vpn-instance vpn-instance-name ] | all }

Task: Clear blacklist statistics.
Command: reset blacklist statistics

Attack detection and prevention configuration examples

Interface-based attack detection and prevention configuration example

Network requirements

As shown in Figure 140, the device is the gateway for the internal network.

Configure an attack defense policy and apply the policy to GigabitEthernet 1/0/2 to meet the following requirements:
- Provide low-level scanning attack detection for internal hosts and servers. If a scanning attack is detected, log the attack and keep the attacker on the blacklist for 10 minutes.
- Protect internal hosts and servers against smurf attacks. If a smurf attack is detected, log the attack.
- Protect the internal server against SYN flood attacks. If the number of SYN packets sent to the server per second reaches or exceeds 5000, log the attack and drop subsequent packets.

Figure 140 Network diagram

Configuration procedure

# Configure IP addresses for the interfaces on the device. (Details not shown.)
# Enable the global blacklist feature.
<Device> system-view
[Device] blacklist global enable
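The behavior the network requirements above ask for, as an added Python example that is not part of the HP manual and is not the device's own algorithm: it models the SYN flood threshold (log at 5000 SYN packets per second, drop subsequent packets) and 10-minute blacklist aging. The class and method names, the fixed one-second counting window, and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

SYN_THRESHOLD = 5000      # SYNs per second to one destination (from the requirements)
BLACKLIST_AGE = 10 * 60   # seconds a detected scanner stays blacklisted (from the requirements)


class GatewayModel:
    """Simplified model of the required actions; not the device's own algorithm."""

    def __init__(self):
        self.syn_counts = defaultdict(int)  # (destination, whole second) -> SYNs seen
        self.blacklist = {}                 # source -> time the entry ages out
        self.log = []                       # (time, event, address)

    def report_scan(self, src, now):
        """A scan by src was detected: log it and blacklist src for 10 minutes."""
        self.blacklist[src] = now + BLACKLIST_AGE
        self.log.append((now, "scan", src))

    def handle_syn(self, src, dst, now):
        """Return 'forward' or 'drop' for one SYN packet seen at time now."""
        expiry = self.blacklist.get(src)
        if expiry is not None:
            if now < expiry:
                return "drop"               # source is still blacklisted
            del self.blacklist[src]         # dynamic entry has aged out
        key = (dst, int(now))               # assumption: fixed one-second windows
        self.syn_counts[key] += 1
        if self.syn_counts[key] == SYN_THRESHOLD:
            self.log.append((now, "syn-flood", dst))  # log once when the rate is reached
        # The packet that reaches the threshold passes; subsequent ones are dropped.
        return "drop" if self.syn_counts[key] > SYN_THRESHOLD else "forward"


if __name__ == "__main__":
    gw = GatewayModel()
    server = "192.0.2.10"                   # constructed address (documentation range)
    # Constructed traffic: 6000 SYNs to the server inside one second.
    verdicts = [gw.handle_syn("198.51.100.1", server, i / 6000) for i in range(6000)]
    print(verdicts.count("forward"), "forwarded,", verdicts.count("drop"), "dropped")
    gw.report_scan("203.0.113.7", now=100)  # constructed scanner address
    print(gw.handle_syn("203.0.113.7", server, 699.9))  # inside the 10-minute window
    print(gw.handle_syn("203.0.113.7", server, 700))    # entry aged out
    print(gw.log)
```

Blacklisted sources are dropped before they are counted, so a blocked scanner does not push the server's SYN rate toward the flood threshold in this model.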