Blocked Hosts list

You can view and edit the list of blocked addresses. Edits include adding, removing, editing blocked hosts, and viewing blocked host details.

The blocked hosts list shows all hosts currently blocked by Host Intrusion Prevention. Each line represents a single host. You can get more information on individual hosts by reading the information in each column.

Column
What it shows
Source
  • The IP address that Host Intrusion Prevention is blocking.
Blocked Reason
  • An explanation of why Host Intrusion Prevention is blocking this address.
  • If Host Intrusion Prevention added this address to the list because of an attempted attack on your system, this column describes the type of attack.

    If Host Intrusion Prevention added this address because one of its firewall rules used the Treat rule match as intrusion option, this column lists the name of the relevant firewall rule.

    If you added this address manually, this column lists only the IP address that you blocked.

Time
  • The time and date when you added this address to the blocked addresses list.
Time Remaining
  • How long Host Intrusion Prevention will continue to block this address.
  • If you specified an expiration time when you blocked the address, this column shows the number of minutes left until Host Intrusion Prevention removes the address from the list.

    If you specified that you wanted this address blocked until you manually removed it from the list, this column displays Until removed.

To edit the Blocked Hosts list:

  1. Click Add to add a host.
  2. The Blocked Host dialog box appears.

  3. Enter the IP address you want to block. To search for an IPS address by domain name, click DNS Lookup.
  4. Determine how long to block the IP address:
    • Select Until Removed to keep the host blocked until deleted.
    • Select For and type the number of minutes, up to 60, to keep the host blocked for a fixed period of time.
  5. Click Trace Source to trace the IP address and gather information like NetBIOS users, MAC address, Telnet server banner, HTTP server banner, FTP server banner, SMTP server banner, and DNS names of nearby addresses.
  6. Click OK.
  7. The new blocked host appears in the list.

     

    After you create a blocked address, Host Intrusion Prevention adds a new entry to the list on the Application Protection tab. It blocks any communication attempt from that IP address until you remove it from the blocked addresses list, or a set period of time expires.

  8. For other edits, do one of the following:
  9. To...
    Do this...
    View the details of or edit a blocked host
    Double-click a host entry, or select a host and click Properties. The Blocked Host dialog box displays information that can be edited.
    Delete a blocked host
    Select a host and click Remove.

Copyright © 2006 McAfee, Inc. All Rights Reserved.