R3303-HP HSR6800 Routers Security Configuration Guide
12
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the blacklist function.
blacklist enable Disabled by default.
3. Add a blacklist entry.
blacklist ip source-ip-address
[ timeout minutes ]
Optional.
The scanning attack protection
function can add blacklist entries
automatically.
You can add blacklist entries manually, or configure the device to automatically add the IP addresses of
detected scanning attackers to the blacklist. For the latter purpose, enable the blacklist function for the
device, the scanning attack protection function, and the blacklist function for scanning attack protection.
The blacklist entries added by the scanning attack protection function will be aged after the aging time,
which is configurable. For the configuration of scanning attack protection, see "Configuring a scanning
at
tack protection policy."
Enabling traffic statistics on an interface
To collect traffic statistics on an interface, enable the traffic statistics function on the interface. The device
supports traffic statistics in the following two modes:
• By direction, inbound or outbound—Collect statistics on packets received on or sent from an
interface.
• By IP address, source IP address or destination IP address—Collect statistics on packets received
on an interface by source IP addresses, or on packets sent from an interface by destination IP
addresses.
To enable traffic statistics on an interface:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type interface-number N/A
3. Enable traffic statistics on the
interface.
flow-statistics enable { destination-ip |
inbound | outbound | source-ip }
Disabled by default.
Displaying and maintaining attack detection and
protection
Task Command
Remarks
Display the attack protection
statistics of an interface.
display attack-defense statistics interface
interface-type interface-number [ | { begin |
exclude | include } regular-expression ]
Available in any view.