AudioCodes Mediant 500L User Manual page 179

Enterprise session border controller (e-sbc) & media gateway
User's Manual
13. Security

6. Click New; the following dialog box appears:

Figure 13-6: IDS Rule Table - Add Dialog Box

The figure above shows a configuration example: If 15 malformed SIP messages ('Reason') are received within a period of 30 seconds ('Threshold Window'), a minor alarm is sent ('Minor-Alarm Threshold'). Every 30 seconds, the rule's counters are cleared ('Threshold Window'). If more than 25 malformed SIP messages are received within this period, the device blacklists for 60 seconds the remote IP host ('Deny Threshold') from where the messages were received.

7. Configure an IDS Rule according to the parameters described in the table below.
8. Click Apply, and then save your settings to flash memory.
9. For example

Table 13-4: IDS Rule Table Parameter Descriptions

General

Parameter: Index / rule-id / [IDSRule_RuleID]
Description: Defines an index number for the new table record.

Parameter: Reason / reason / [IDSRule_Reason]
Description: Defines the type of intrusion attack (malicious event).
  [0] Any = All events listed below are considered as attacks and are counted together.
  [1] Connection abuse = (Default) TLS authentication failure.
  [2] Malformed message =
    - Message exceeds a user-defined maximum message length (50K)
    - Any SIP parser error
    - Message Policy match (see ''Configuring SIP Message Policy Rules'')
    - Basic headers not present
    - Content length header not present (for TCP)
    - Header overflow
  [3] Authentication failure =
    - Local authentication ("Bad digest" errors)
    - Remote authentication (SIP 401/407 is sent if original message

Version 7.2
179
Mediant 500L Gateway & E-SBC
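
The configuration example described under step 6 above, replayed as an added Python model (not AudioCodes code and not the device's implementation) so the effect of the window reset and the two thresholds can be checked against traffic before tuning a rule. Assumptions: counters are kept per source IP, windows are fixed 30-second slots aligned to t=0, and messages from a blacklisted host are dropped without being counted; the names `IdsRule`, `evaluate` and `SAMPLE` and all sample events are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class IdsRule:
    """Values from the manual's configuration example (malformed messages)."""
    window: int = 30        # 'Threshold Window', seconds
    minor_alarm: int = 15   # minor alarm when this many events are counted
    deny: int = 25          # blacklist when MORE than this many are counted
    deny_period: int = 60   # seconds the remote host stays blacklisted

def evaluate(events, rule=IdsRule()):
    """Replay (timestamp_s, source_ip) malformed-message events in time order.

    Model assumptions (not stated in the manual): per-source counters, fixed
    windows aligned to t=0, and no counting while a host is blacklisted.
    Returns a list of (timestamp, source_ip, action) tuples.
    """
    counts = defaultdict(int)    # (ip, window index) -> events counted
    blocked_until = {}           # ip -> time the blacklist entry expires
    actions = []
    for ts, ip in sorted(events):
        if ts < blocked_until.get(ip, 0):
            continue             # host is blacklisted; message is dropped
        key = (ip, int(ts // rule.window))  # counters reset at each boundary
        counts[key] += 1
        if counts[key] == rule.minor_alarm:
            actions.append((ts, ip, "minor-alarm"))
        if counts[key] == rule.deny + 1:    # "more than 25"
            blocked_until[ip] = ts + rule.deny_period
            actions.append((ts, ip, "blacklist"))
    return actions

# Constructed sample traffic (documentation addresses, not from the manual):
# a fast burst, a slow sender that never fills a window, and a later burst.
SAMPLE = (
    [(i * 0.5, "198.51.100.7") for i in range(30)]           # 0.0 .. 14.5 s
    + [(i * 4.0, "203.0.113.9") for i in range(20)]          # 1 msg every 4 s
    + [(70.0 + i * 0.5, "198.51.100.7") for i in range(20)]  # 70.0 .. 79.5 s
)

if __name__ == "__main__":
    for ts, ip, action in evaluate(SAMPLE):
        print(f"t={ts:5.1f}s  {ip:<13} {action}")
```

In this model the slow sender delivers 20 malformed messages without triggering anything, because no single 30-second window ever holds 15 of them; that is the trade-off to weigh when choosing the window and threshold values.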
