Cisco Systems IPS 7.1 Home Security System User Manual


7-37
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 7 Configuring Event Action Rules
Configuring the Denied Attackers List
For More Information
For the procedure for clearing denied attackers permanently from the denied attackers list, see
Monitoring and Clearing the Denied Attackers List, page 7-37.
Monitoring and Clearing the Denied Attackers List
Use the show statistics denied-attackers command to display the list of denied attackers. Use the clear
denied-attackers [virtual_sensor] [ip-address ip_address] command to delete the denied attackers list
and clear the virtual sensor statistics.
If your sensor is configured to operate in inline mode, the traffic is passing through the sensor. You can
configure signatures to deny packets, connections, and attackers while in inline mode, which means that
single packets, connections, and specific attackers are denied, that is, not transmitted, when the sensor
encounters them. When the signature fires, the attacker is denied and placed in a list. As part of sensor
administration, you may want to delete the list or clear the statistics in the list.
The following options apply:
virtual_sensor—(Optional) Specifies the virtual sensor whose denied attackers list should be cleared.
ip_address—(Optional) Specifies the IP address to clear.
Displaying and Deleting Denied Attackers
To display the list of denied attackers and delete the list and clear the statistics, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.

Step 2 Display the list of denied IP addresses. The statistics show that there are two IP addresses being denied at this time.

    sensor# show statistics denied-attackers
    Denied Attackers and hit count for each.
    10.20.4.2 = 9
    10.20.5.2 = 5

Step 3 Delete the denied attackers list.

    sensor# clear denied-attackers
    Warning: Executing this command will delete all addresses from the list of attackers
    currently being denied by the sensor.
    Continue with clear? [yes]:

Step 4 Enter yes to clear the list.

Step 5 Delete the denied attackers list for a specific virtual sensor.

    sensor# clear denied-attackers vs0
    Warning: Executing this command will delete all addresses from the list of attackers being
    denied by virtual sensor vs0.
    Continue with clear? [yes]:

Step 6 Enter yes to clear the list.

Step 7 Remove a specific IP address from the denied attackers list for a specific virtual sensor.

    sensor# clear denied-attackers vs0 ip-address 192.0.2.0
    Warning: Executing this command will delete ip address 192.0.2.0 from the list of
    attackers being denied by virtual sensor vs0.
    Continue with clear? [yes]:
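
The following is an added example, not part of the Cisco guide: a Python helper that parses the show statistics denied-attackers output in the format shown in Step 2 and builds per-address clear commands (the Step 7 syntax) only for denied hosts that fall inside networks you trust, so a false-positive deny can be lifted without wiping the whole list. The function names, the trusted-network list, the virtual sensor name pattern, and the third sample entry are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: the Step 2 output plus one constructed extra entry.
SAMPLE_OUTPUT = """\
sensor# show statistics denied-attackers
Denied Attackers and hit count for each.
10.20.4.2 = 9
10.20.5.2 = 5
192.0.2.0 = 1
"""

ENTRY_RE = re.compile(r"^\s*(\S+)\s*=\s*(\d+)\s*$")
# Assumption: a conservative character set for virtual sensor names, so that
# nothing unexpected ends up in a generated CLI line.
VS_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]+$")


def parse_denied_attackers(text):
    """Return {ip_address: hit_count} from 'address = count' lines."""
    denied = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue  # prompt, banner, or blank line
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # left-hand side is not an IP address
        denied[addr] = int(match.group(2))
    return denied


def targeted_clear_commands(denied, trusted_networks, virtual_sensor="vs0"):
    """Build one clear command per denied address inside a trusted network."""
    if not VS_NAME_RE.match(virtual_sensor):
        raise ValueError(f"unexpected virtual sensor name: {virtual_sensor!r}")
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    commands = []
    for addr in sorted(denied, key=lambda a: (a.version, int(a))):
        if any(addr in net for net in nets):
            commands.append(
                f"clear denied-attackers {virtual_sensor} ip-address {addr}"
            )
    return commands


if __name__ == "__main__":
    denied = parse_denied_attackers(SAMPLE_OUTPUT)
    for cmd in targeted_clear_commands(denied, ["10.20.4.0/24"]):
        print(cmd)
```

Saving the parsed list and hit counts before running any clear command preserves a record of what the sensor was denying.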