AudioCodes Mediant 800B User Manual page 172
Media gateway & enterprise session border controller (e-sbc)
Hide thumbs
Also See for Mediant 800B:
- User manual (1338 pages) ,
- Installation and maintenance manual (104 pages) ,
- Hardware installation manual (56 pages)
Table of Contents
Advertisement
Parameter
Threshold Scope
threshold-scope
[IDSRule_ThresholdScope]
Threshold Window
threshold-window
[IDSRule_ThresholdWindow]
Minor-Alarm Threshold
minor-alrm-thr
[IDSRule_MinorAlarmThreshold]
Major-Alarm Threshold
major-alrm-thr
[IDSRule_MajorAlarmThreshold]
Critical-Alarm Threshold
critical-alrm-thr
[IDSRule_CriticalAlarmThreshold]
Deny Threshold
[IDSRule_DenyThreshold]
Deny Period
[IDSRule_DenyPeriod]
User's Manual
Classification failure (see ''Configuring Classification
Rules'' on page 645)
Routing failure
Other local rejects (prior to SIP 180 response)
Remote rejects (prior to SIP 180 response)
[5] Abnormal flow =
Requests and responses without a matching transaction
user (except ACK requests)
Requests and responses without a matching transaction
(except ACK requests)
Defines the source of the attacker to consider in the device's
detection count.
[0] Global = All attacks regardless of source are counted
together during the threshold window.
[2] IP = Attacks from each specific IP address are counted
separately during the threshold window.
[3] IP+Port = Attacks from each specific IP address:port are
counted separately during the threshold window. This option is
useful for NAT servers, where numerous remote machines use
the same IP address but different ports. However, it is not
recommended to use this option as it may degrade detection
capabilities.
Defines the threshold interval (in seconds) during which the
device counts the attacks to check if a threshold is crossed. The
counter is automatically reset at the end of the interval.
The valid range is 1 to 1,000,000. The default is 1.
Defines the threshold that if crossed a minor severity alarm is
sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not
defined.
Defines the threshold that if crossed a major severity alarm is
sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not
defined.
Defines the threshold that if crossed a critical severity alarm is
sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not
defined.
Defines the threshold that if crossed, the device blocks (blacklists)
the remote host (attacker).
The default is -1 (i.e., not configured).
Note: The parameter is applicable only if the 'Threshold Scope'
parameter is set to IP or IP+Port.
Defines the duration (in sec) to keep the attacker on the blacklist.
The valid range is 0 to 1,000,000. The default is -1 (i.e., not
configured).
172
Mediant 800B Gateway and E- SBC
Description
Document #: LTRT-10296
Advertisement
Table of Contents
