Product guide

3-18
Virus Throttling
Configuring Connection-Rate Filtering
Unblocking Currently-Blocked Hosts
If a host becomes blocked by triggering connection-rate filtering on a port
configured to block high connection rates, the host remains blocked on all
ports on the switch even if you change the per-port filtering configuration.
(The source IP address block imposed by connection-rate filtering does not
age out.) This helps prevent a malicious host from automatically regaining
access to the network.
When a host becomes blocked, the switch generates the following Event Log
message and also sends a similar message to any configured SNMP trap
receivers:
Src IP xxx.xxx.xxx.xxx blocked
Note: ProCurve recommends that, before you unblock a host that has been blocked
by connection-rate filtering, you inspect the host with current antivirus tools
and remove any malicious agents that pose a threat to your network.
If a trusted host frequently triggers connection-rate blocking with legitimate,
high connection-rate traffic, consider either changing the sensitivity level
on the associated port or configuring a connection-rate ACL to create a
filtering exception for the host.
Note: For a complete list of options for unblocking hosts, see page 3-7.
Syntax: connection-rate-filter unblock < all | host < ip-addr > | ip-addr < mask > >
all: Unblocks all hosts currently blocked due to action by
connection-rate filtering on ports where block mode has
been configured.
host < ip-addr >: Unblocks the single host currently blocked
due to action by connection-rate filtering on ports where
block mode has been configured.
ip-addr < mask >: Unblocks traffic from any host in the
specified subnet currently blocked due to action by
connection-rate filtering on ports where block mode has been
configured.
Note: There is also an option to unblock any host belonging
to a specific VLAN using the vlan <vid> connection-rate-filter
unblock command.
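The following added example (not from this product guide, and not ProCurve code) shows how an operator might parse the "Src IP ... blocked" Event Log messages above and generate the matching unblock command only for hosts that have already been cleared, leaving every other blocked host untouched. It assumes the syslog lines are collected off the switch and that the `ip-addr < mask >` form takes a dotted-decimal mask; the log lines and host addresses are constructed samples.

```python
import ipaddress
import re

# Event Log message format documented for connection-rate filtering blocks.
BLOCK_RE = re.compile(r"Src IP (\d{1,3}(?:\.\d{1,3}){3}) blocked")

# Constructed sample of collected Event Log / syslog lines (not real switch output).
SAMPLE_LOG = [
    "I 05/14/09 10:02:11 Src IP 10.10.20.5 blocked",
    "I 05/14/09 10:02:15 Src IP 10.10.20.17 blocked",
    "I 05/14/09 10:03:40 Src IP 10.10.30.8 blocked",
    "I 05/14/09 10:03:41 ports: port 7 is now on-line",
]


def blocked_hosts(event_log_lines):
    """Return the set of source IPs the switch reported as blocked."""
    hosts = set()
    for line in event_log_lines:
        m = BLOCK_RE.search(line)
        if m:
            hosts.add(ipaddress.ip_address(m.group(1)))
    return hosts


def unblock_command(target):
    """Build the CLI command for one target: 'all', a single host, or a subnet.
    Assumption: the subnet form is '<ip-addr> <dotted mask>' as the syntax shows."""
    if target == "all":
        return "connection-rate-filter unblock all"
    net = ipaddress.ip_network(target, strict=False)
    if net.prefixlen == 32:
        return f"connection-rate-filter unblock host {net.network_address}"
    return f"connection-rate-filter unblock {net.network_address} {net.netmask}"


def plan_unblocks(event_log_lines, cleared_hosts):
    """Return (commands, still_blocked): unblock commands only for blocked hosts
    that were inspected and cleared; every other blocked host stays blocked."""
    blocked = blocked_hosts(event_log_lines)
    cleared = {ipaddress.ip_address(h) for h in cleared_hosts}
    commands = [unblock_command(str(h)) for h in sorted(blocked & cleared)]
    return commands, sorted(blocked - cleared)


if __name__ == "__main__":
    cmds, remaining = plan_unblocks(SAMPLE_LOG, ["10.10.20.5"])
    print("\n".join(cmds))
    print("still blocked:", [str(h) for h in remaining])
```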