AudioCodes Mediant 4000 SBC User Manual page 174

Session border controller

Hide thumbs Also See for Mediant 4000 SBC:

Table of Contents

Click New; the following dialog box appears:

The figure above shows a configuration example: If 15 malformed SIP messages

('Reason') are received within a period of 30 seconds ('Threshold Window'), a minor

alarm is sent ('Minor-Alarm Threshold'). Every 30 seconds, the rule's counters are

cleared ('Threshold Window'). If more than 25 malformed SIP messages are received

within this period, the device blacklists for 60 seconds the remote IP host ('Deny

Threshold') from where the messages were received.

Configure an IDS Rule according to the parameters described in the table below.

Click Apply, and then save your settings to flash memory.

[IDSRule_RuleID]

[IDSRule_Reason]

User's Manual

Figure 13-6: IDS Rule Table - Add Dialog Box

Table 13-4: IDS Rule Table Parameter Descriptions

Defines an index number for the new table record.

Defines the type of intrusion attack (malicious event).

[0] Any = All events listed below are considered as attacks

and are counted together.

[1] Connection abuse = (Default) TLS authentication failure.

[2] Malformed message =

Message exceeds a user-defined maximum message

length (50K)

Any SIP parser error

Message Policy match (see ''Configuring SIP Message

Policy Rules'')

Basic headers not present

Content length header not present (for TCP)

Header overflow

[3] Authentication failure =

Local authentication ("Bad digest" errors)

Mediant 4000 SBC

Document #: LTRT-40203

Mediant 4000b sbc