Support User Manuals

Cisco Systems IPS 7.1 Home Security System User Manual

Open as PDF

of 1042

7-36

Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1

OL-19892-01

Chapter 7 Configuring Event Action Rules

Configuring the Denied Attackers List

Configuring the Denied Attackers List

This section describes the denied attackers list and how to add, clear, and monitor the list. It contains the

following topics:

• Adding a Deny Attacker Entry to the Denied Attackers List, page 7-36

• Monitoring and Clearing the Denied Attackers List, page 7-37

Adding a Deny Attacker Entry to the Denied Attackers List

Use the deny attacker [virtual-sensor name] [ip-address attacker-ip-address] | victim

victim-ip-address | port port-number] command to add a single deny attacker entry to the list of denied

attackers. Use the no form of the command to delete the deny attacker entry from the list.

The following options apply:

• name—(Optional) Specifies the name of the virtual sensor to which the deny attackers entry should

be added.

• attacker-ip-address—Specifies the attacker IP address.

• victim-ip-address—(Optional) Specifies the victim IP address.

• port-number—(Optional) Specifies the victim port number. The valid range is 0 to 65535.

Adding Entries to the Denied Attacker List

To add a deny attacker entry to the list of denied attackers, follow these steps:

Step 1 Log in to the CLI using an account with administrator or operator privileges.

Step 2 Add a deny attacker entry with an IP address of 192.0.2.0.

sensor# deny attacker ip-address 192.0.2.0

Warning: Executing this command will add deny attacker address on all virtual sensors.

Continue? [yes]:

Step 3 Enter yes to add this deny attacker entry for all virtual sensors.

Step 4 Add a deny attacker entry to a specific virtual sensor.

sensor# deny attacker virtual-sensor vs0 ip-address 192.0.2.0

Step 5 Remove the deny attacker entry from the list.

sensor# no deny attacker ip-address 10.1.1.1

Warning: Executing this command will delete this address from the list of attackers being

denied by all virtual sensors.

Continue? [yes]:

Step 6 Enter yes to remove the deny attacker entry from the list.

Note To immediately stop denying attackers, you must use the clear denied-attackers command to

clear the denied attackers list.

previous next