Vulnerability Protection - BlockIP

Reply
L0 Member

Vulnerability Protection - BlockIP

I have configured a vulnerability protection profile to blacklist the ip addresses of attackers for all brute force login attempts with the signatures provided in the threat database.  The profile works very well.  However, i would now like to see the list of currently blacklisted ip addresses. I know it only blacklists for up to an hour, but there has to be a command to show the current ip addresses on the blacklist.

If anyone knows it, please assist me.

Thanks.

Richard

Highlighted
L5 Sessionator

Re: Vulnerability Protection - BlockIP

Hi Richard,

I haven't found a command just yet, but you should be able to goto the threat logs in the webUI, create an action filter that equals "block-ip" and run the filter in the logs.

This should show you what IPs are getting blocked and when. On a side note, for this to be more real-time, you may want to enable logging at the start of the session for the rule that's logging your block-ip threats.

-Jason

L6 Presenter

Re: Vulnerability Protection - BlockIP

Shouldnt "log on session end" be equal as "log on session start" in this case since the ip is being blocked and hence the session is ended by the firewall?

I mean comparing with last "deny & log" rule in the bottom of your ruleset. Since the session its denied it shouldnt matter if you select "log on session start" or "log on session end".

Re: Vulnerability Protection - BlockIP

Hello,

You can try:

debug dataplane show dos       block-table

best regards,

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!