Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0
Chapter 13 Administrative Tasks for the Sensor
Clearing the Denied Attackers List
If your sensor is configured to operate in inline mode, the traffic is passing through the sensor. You can
configure signatures to deny packets, connections, and attackers while in inline mode, which means that
single packets, connections, and specific attackers will be denied, that is, not transmitted, when the
sensor encounters them.
When the signature fires, the attacker is denied and placed in a list. As part of sensor administration, you
may want to delete the list or clear the statistics in the list.
To delete the list of denied attackers and clear the statistics, follow these steps:
Step 1
Log in to the CLI using an account with administrator privileges.
Step 2
Display the list of denied IP addresses:
show statistics denied-attackers
Denied Attackers and hit count for each. = 9 = 5
The statistics show that there are two IP addresses being denied at this time.
Step 3
Delete the denied attackers list:
clear denied-attackers
Warning: Executing this command will delete all addresses from the list of
attackers currently being denied by the sensor.
Continue with clear? [yes]:
Step 4
to clear the list.
Step 5
Verify that you have cleared the list:
show statistics virtual-sensor
Virtual Sensor Statistics
Statistics for Virtual Sensor vs0
Name of current Signature-Definition instance = sig0
Name of current Event-Action-Rules instance = rules0
List of interfaces monitored by this virtual sensor = mypair
Denied Address Information
Number of Active Denied Attackers = 0
Number of Denied Attackers Inserted = 2
Number of Denied Attackers Total Hits = 287
Number of times max-denied-attackers limited creation of new entry = 0
Number of exec Clear commands during uptime = 1
Denied Attackers and hit count for each.
There is no longer any information under the
Denied Attackers and hit count for each category
Step 6
To clear only the statistics:
show statistics virtual-sensor clear
Step 7
Verify that you have cleared the statistics:
show statistics virtual-sensor
Virtual Sensor Statistics
Statistics for Virtual Sensor vs0
Name of current Signature-Definition instance = sig0
Name of current Event-Action-Rules instance = rules0
List of interfaces monitored by this virtual sensor = mypair
Denied Address Information
Number of Active Denied Attackers = 2
Number of Denied Attackers Inserted = 0
Number of Denied Attackers Total Hits = 0
Number of times max-denied-attackers limited creation of new entry = 0