Dynamic Defense; Fail2Ban; Table 11: Ucm6510 Firewall Dynamic Defense - Grandstream Networks UCM6510 User Manual

DYNAMIC DEFENSE

Dynamic defense can blacklist hosts dynamically when the UCM6510 is set to "Route" under web
GUI->Settings->Network Settings->Basic Settings: Method. If enabled, the traffic coming into the
UCM6510 can be monitored, which helps prevent massive connection attempts or brute force attacks to the
device. The blacklist can be created and updated by the UCM6510 firewall, which will then be displayed in
the web page. Please refer to the following table for dynamic defense options on the UCM6510.
Dynamic Defense
Enable
Periodical Time
Interval
Blacklist Update
Interval
Connection
Threshold
Dynamic Defense
Whitelist

FAIL2BAN

Fail2Ban feature on the UCM6510 provides intrusion detection and prevention for authentication errors in
SIP REGISTER, INVITE and SUBSCRIBE. Once the entry is detected within "Max Retry Duration", the
UCM6510 will take action to forbid the host for certain period as defined in "Banned Duration". This feature
helps prevent SIP brute force attacks to the PBX system.
Firmware Version 1.0.0.5

Table 11: UCM6510 Firewall Dynamic Defense

Enable dynamic defense. The default setting is disabled.
Configure the dynamic defense periodic time interval (in minutes). If the
number of TCP connections from a host exceeds the connection threshold
within this period, this host will be added into Blacklist. The valid value is
between 1 to 59 when dynamic defense is turned on. The default setting is
59.
Configure the blacklist update time interval (in seconds). The default setting is
120.
Configure the connection threshold. Once the number of connections from
the same host reaches the threshold, it will be added into the blacklist. The
default setting is 100.
Configure the dynamic defense whitelist.
For example,
192.168.1.3
192.168.1.4
UCM6510 IP PBX User Manual Page 33 of 192