167
• Select Enable Attack Defense Policy.
• Select Enable Land Attack Detection, Enable Smurf Attack Detection, Enable Scanning Attack
Detection, and Add Source IP Address to the Blacklist. Clear all other options.
• Click Apply.
Verifying the configuration
• Select Security Setup > Attack Defend > Blacklist. Host D and Host C are in the blacklist.
• Router drops all packets from Host D unless you remove Host D from the blacklist.
• Router drops packets from Host C within 50 minutes. Then, Router forwards packets from Host C
correctly.
• Upon detecting the scanning attack, Router outputs an alarm log and adds the IP address of the
attacker to the blacklist. You can view the added blacklist entry by selecting Security Setup > Attack
Defend > Blacklist.
• Upon detecting the Land or Smurf attack, Router outputs an alarm log and drops the attack packet.
For MSR20/30/50/93X/1000 routers
Network requirements
As shown in Figure 169, internal users Host A, Host B, and Host C access the Internet through Router. The
network security requirements are as follows:
• Router always drops packets from Host D, an attacker.
• Router denies packets from Host C for 50 minutes for temporary access control of Host C.
• Router provides scanning attack protection and automatically adds detected attackers to the
blacklist on interface Ethernet 0/2, the interface connecting the Internet.
• Router provides Land attack protection and Smurf attack protection on Ethernet 0/2.
Figure 169 Network diagram
Configuration procedure
# Configure IP addresses for the interfaces. (Details not shown.)
# Enable the blacklist function.
• Select Security Setup > Attack Defend > Blacklist from the navigation tree, and then perform the
following configurations, as shown in Figure 170.
To Next Page
Loading...
Need help?
General
