Assigning Ids Policies - AudioCodes Mediant 800B User Manual

User's Manual
Parameter
Deny Threshold
deny-thr
[IDSRule_DenyThreshold]
Deny Period
deny-period
[IDSRule_DenyPeriod]

13.3.3 Assigning IDS Policies

The IDS Matches table lets you implement your configured IDS Policies. You do this by
assigning IDS Policies to any, or a combination of the following configuration entities:

SIP Interface: For detection of malicious attacks on specific SIP Interface(s). To
configure SIP Interfaces, see 'Configuring SIP Interfaces' on page 336.

Proxy Sets: For detection of malicious attacks from specified Proxy Set(s). To
configure Proxy Sets, see 'Configuring Proxy Sets' on page 357.

Subnet addresses: For detection of malicious attacks from specified subnet
addresses.
You can configure up to 20 IDS Policy-Matching rules.
The following procedure describes how to configure the IDS Match table through the Web
interface. You can also configure it through ini file (IDSMatch) or CLI (configure voip > ids
match).

To configure an IDS Policy-Matching rule:
1. Open the IDS Matches table (Setup menu > Signaling & Media tab > Intrusion
Detection folder > IDS Matches).
2. Click New; the following dialog box appears:
Version 7.2
Defines the threshold that if crossed, the device blocks (blacklists)
the remote host (attacker).
The default is -1 (i.e., not configured).
Note: The parameter is applicable only if the 'Threshold Scope'
parameter is set to IP or IP+Port.
Defines the duration (in sec) to keep the attacker on the blacklist,
if configured using the 'Deny Threshold' parameter.
The valid range is 0 to 1,000,000. The default is -1 (i.e., not
configured).
Note: The parameter is applicable only if the 'Threshold Scope'
parameter is set to IP or IP+Port.
Figure 13-6: IDS Matches Table - Add Dialog Box
Description
175 Mediant 800B Gateway & E-SBC
13. Security