AudioCodes Mediant 4000 SBC User Manual page 175

Session border controller

Hide thumbs Also See for Mediant 4000 SBC:

User manual (1037 pages)

Hardware installation manual (40 pages)

User manual (964 pages)

Table of Contents

User's Manual

Threshold Scope

threshold-scope

[IDSRule_ThresholdScope]

Threshold Window

threshold-window

[IDSRule_ThresholdWindow]

Minor-Alarm Threshold

minor-alrm-thr

[IDSRule_MinorAlarmThreshold]

Major-Alarm Threshold

major-alrm-thr

[IDSRule_MajorAlarmThreshold]

Critical-Alarm Threshold

critical-alrm-thr

[IDSRule_CriticalAlarmThreshold]

Remote authentication (SIP 401/407 is sent if original

message includes authentication)

[4] Dialog establish failure =

Classification failure (see ''Configuring Classification

Rules'' on page 491). This also applies to calls rejected by

the device based on a registered users policy (configured

by the SRD_BlockUnRegUsers or

SIPInterface_BlockUnRegUsersblocks parameters).

Routing failure

Other local rejects (prior to SIP 180 response)

Remote rejects (prior to SIP 180 response)

Malicious signature pattern detected (see ''Configuring

Malicious Signatures'' on page 559)

[5] Abnormal flow =

Requests and responses without a matching transaction

user (except ACK requests)

Requests and responses without a matching transaction

(except ACK requests)

Defines the source of the attacker to consider in the device's

detection count.

[0] Global = All attacks regardless of source are counted

together during the threshold window.

[2] IP = Attacks from each specific IP address are counted

separately during the threshold window.

[3] IP+Port = Attacks from each specific IP address:port are

counted separately during the threshold window. This option is

useful for NAT servers, where numerous remote machines use

the same IP address but different ports. However, it is not

recommended to use this option as it may degrade detection

capabilities.

Defines the threshold interval (in seconds) during which the

device counts the attacks to check if a threshold is crossed. The

counter is automatically reset at the end of the interval.

The valid range is 1 to 1,000,000. The default is 1.

Defines the threshold that if crossed a minor severity alarm is

The valid range is 1 to 1,000,000. A value of 0 or -1 means not

Defines the threshold that if crossed a major severity alarm is

The valid range is 1 to 1,000,000. A value of 0 or -1 means not

Defines the threshold that if crossed a critical severity alarm is

The valid range is 1 to 1,000,000. A value of 0 or -1 means not

Mediant 4000 SBC

13. Security

Mediant 4000b sbc

AudioCodes Mediant 4000 SBC User Manual page 175

Related Manuals for AudioCodes Mediant 4000 SBC

Related Products for AudioCodes Mediant 4000 SBC

This manual is also suitable for:

Table of Contents