Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 17 Administrative Tasks for the Sensor
Clearing the Denied Attackers List
If your sensor is configured to operate in inline mode, traffic passes through the sensor. In inline mode
you can configure signatures to deny packets, connections, and attackers, which means that
single packets, connections, and specific attackers are denied, that is, not transmitted, when the sensor
encounters them. When the signature fires, the attacker is denied and placed in a list. As part of sensor
administration, you may want to delete the list or clear the statistics in the list.
The following options apply:
virtual_sensor—(Optional) Specifies the virtual sensor whose denied attackers list should be cleared.
ip_address—(Optional) Specifies the IP address to clear.
Displaying and Deleting Denied Attackers
To display the list of denied attackers, delete the list, and clear the statistics, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Display the list of denied IP addresses. The statistics show that there are two IP addresses being denied
at this time.
sensor# show statistics denied-attackers
Denied Attackers and hit count for each.
10.20.4.2 = 9
10.20.5.2 = 5
Step 3 Delete the denied attackers list.
sensor# clear denied-attackers
Warning: Executing this command will delete all addresses from the list of attackers
currently being denied by the sensor.
Continue with clear? [yes]:
Step 4 Enter yes to clear the list.
Step 5 Delete the denied attackers list for a specific virtual sensor.
sensor# clear denied-attackers vs0
Warning: Executing this command will delete all addresses from the list of attackers being
denied by virtual sensor vs0.
Continue with clear? [yes]:
Step 6 Enter yes to clear the list.
Step 7 Remove a specific IP address from the denied attackers list for a specific virtual sensor.
sensor# clear denied-attackers vs0 ip-address 192.0.2.0
Warning: Executing this command will delete ip address 192.0.2.0 from the list of
attackers being denied by virtual sensor vs0.
Continue with clear? [yes]:
Step 8 Enter yes to clear the list.
Step 9 Verify that you have cleared the list. You can use the show statistics denied-attackers or show statistics
virtual-sensor command.
sensor# show statistics denied-attackers
Denied Attackers and hit count for each.
Denied Attackers and hit count for each.
Statistics for Virtual Sensor vs0
Denied Attackers with percent denied and hit count for each.
Denied Attackers with percent denied and hit count for each.
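
Because clear denied-attackers deletes the entries, a record of which addresses were released has to come from show output captured before and after the clear. The following Python script is an added example, not part of the Cisco guide: it parses the "address = hit count" lines shown in Step 2 and compares two captures. The function names are illustrative, and it assumes that entries listed under a "Statistics for Virtual Sensor" heading use the same "address = count" form (the page shows no such entries).

```python
import ipaddress
import re

# Entry form shown in Step 2 of the page: "<address> = <hit count>"
ENTRY = re.compile(r"^\s*(\S+)\s*=\s*(\d+)\s*$")
# Section heading shown in the Step 9 output
SECTION = re.compile(r"^\s*Statistics for Virtual Sensor (\S+)\s*$")

def parse_denied(output):
    """Return {(scope, address): hit_count}; scope is 'global' or a virtual sensor name."""
    scope, entries = "global", {}
    for line in output.splitlines():
        section = SECTION.match(line)
        if section:
            scope = section.group(1)
            continue
        entry = ENTRY.match(line)
        if not entry:
            continue  # prompt, heading or blank line
        try:
            addr = str(ipaddress.ip_address(entry.group(1)))
        except ValueError:
            continue  # a "name = value" line whose name is not an IP address
        entries[(scope, addr)] = int(entry.group(2))
    return entries

def removed_by_clear(before, after):
    """Entries present in the capture taken before the clear and absent afterwards."""
    old, new = parse_denied(before), parse_denied(after)
    return {key: hits for key, hits in old.items() if key not in new}

# Constructed captures: BEFORE mirrors the Step 2 output, AFTER the Step 9 output.
BEFORE = """sensor# show statistics denied-attackers
Denied Attackers and hit count for each.
10.20.4.2 = 9
10.20.5.2 = 5
"""
AFTER = """sensor# show statistics denied-attackers
Denied Attackers and hit count for each.
Denied Attackers and hit count for each.
Statistics for Virtual Sensor vs0
Denied Attackers with percent denied and hit count for each.
Denied Attackers with percent denied and hit count for each.
"""

if __name__ == "__main__":
    for (scope, addr), hits in sorted(removed_by_clear(BEFORE, AFTER).items()):
        print(f"released {addr} (scope={scope}, hits={hits})")
    print("still denied:", sorted(parse_denied(AFTER)) or "none")
```

Saving the released addresses and hit counts with the change record lets you see later whether a cleared address is denied again.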