Cisco Systems IPS 7.1 Home Security System User Manual
14-33
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 14 Configuring Attack Response Controller for Blocking and Rate Limiting
Use the block connection source-ip-address destination-ip-address [port port-number] [protocol type] [timeout minutes] command in privileged EXEC mode to block a connection between two IP addresses. Use the no form of the command to remove the connection block. You must have blocking configured before you can set up connection blocks. You can also view a list of the connections that are currently being blocked. If you do not configure a timeout for the connection block, the block is permanent.
The following options apply:
source-ip-address—Specifies the source IP address in a connection block.
destination-ip-address—Specifies the destination IP address in a connection block.
port-number—(Optional) Specifies the destination port number. The valid range is 0 to 65535.
type—(Optional) Specifies the protocol type. The valid types are tcp or udp.
minutes—(Optional) Specifies the duration of the connection block in minutes. The valid range is 0 to 70560 minutes.
Blocking a Connection
To block a connection, follow these steps:
Step 1 Log in to the CLI using an account with administrator or operator privileges.
Step 2 Configure the connection block between a source IP address and a destination IP address, specifying the port, protocol, and timeout, as in the following example. This connection block ends after 30 minutes.
sensor# block connection 10.0.0.0 172.16.0.0 port 80 protocol tcp timeout 30
Step 3 Start a connection block. The connection block lasts until you remove it.
sensor# block connection 10.0.0.0 172.16.0.0
Step 4 End the connection block.
sensor# no block connection 10.0.0.0
sensor#
Obtaining a List of Blocked Hosts and Connections
Use the show statistics command to obtain a list of blocked hosts and blocked connections. To obtain a
list of blocked hosts and connections, follow these steps:
Step 1 Log in to the CLI.
Step 2 Check the statistics for the ARC. The Host entry indicates which hosts are being blocked and how long the blocks last.
sensor# show statistics network-access
Current Configuration
LogAllBlockEventsAndSensors = true
EnableNvramWrite = false
EnableAclLogging = false
AllowSensorBlock = false
BlockMaxEntries = 250
MaxDeviceInterfaces = 250
NetDevice
Type = Cisco
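The following Python helper is an added example, not code from Cisco or from this guide: it builds block connection and no block connection lines from the syntax and option ranges documented above, rejecting out-of-range ports, protocols and timeouts before anything is sent to the sensor, and it parses the flat Key = value lines of the show statistics network-access output into a dictionary so settings such as BlockMaxEntries can be checked by script. The function names and the treatment of the truncated NetDevice section are assumptions of this example.

```python
import ipaddress

# Limits the IPS 7.1 guide documents for "block connection".
MAX_PORT = 65535
MAX_TIMEOUT_MINUTES = 70560
PROTOCOLS = ("tcp", "udp")

def check_block_args(port, protocol, timeout):
    """Return option problems; an empty list means every option is within the documented ranges."""
    problems = []
    if port is not None and not 0 <= port <= MAX_PORT:
        problems.append(f"port {port} outside 0-{MAX_PORT}")
    if protocol is not None and protocol not in PROTOCOLS:
        problems.append(f"protocol {protocol!r} is not tcp or udp")
    if timeout is not None and not 0 <= timeout <= MAX_TIMEOUT_MINUTES:
        problems.append(f"timeout {timeout} outside 0-{MAX_TIMEOUT_MINUTES} minutes")
    return problems

def block_connection_command(source, destination, port=None, protocol=None, timeout=None):
    """Build the exact 'block connection' line; with no timeout the block is permanent."""
    src, dst = ipaddress.IPv4Address(source), ipaddress.IPv4Address(destination)  # ValueError if malformed
    problems = check_block_args(port, protocol, timeout)
    if problems:
        raise ValueError("; ".join(problems))
    parts = ["block connection", str(src), str(dst)]
    for keyword, value in (("port", port), ("protocol", protocol), ("timeout", timeout)):
        if value is not None:
            parts += [keyword, str(value)]
    return " ".join(parts)

def unblock_connection_command(source, destination=None):
    """The 'no' form; the guide's Step 4 example gives only the source address (assumed optional destination)."""
    parts = ["no block connection", str(ipaddress.IPv4Address(source))]
    if destination is not None:
        parts.append(str(ipaddress.IPv4Address(destination)))
    return " ".join(parts)

def parse_current_configuration(output):
    """Parse the flat 'Key = value' lines of 'show statistics network-access' up to the NetDevice section."""
    config = {}
    for line in output.splitlines():
        line = line.strip()
        if line == "NetDevice":  # nested device section is cut off on this page, so stop here
            break
        key, sep, value = line.partition(" = ")
        if sep:
            config[key] = value == "true" if value in ("true", "false") else int(value) if value.isdigit() else value
    return config
```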