AudioCodes Mediant 800B User Manual page 184
Gateway & enterprise sbc (e-sbc)
Hide thumbs
Also See for Mediant 800B:
- User manual (1258 pages) ,
- Installation and maintenance manual (104 pages) ,
- Hardware installation manual (56 pages)
Table of Contents
Advertisement
6.
Click New; the following dialog box appears:
The figure above shows a configuration example: If 15 malformed SIP messages
('Reason') are received within a period of 30 seconds ('Threshold Window'), a minor
alarm is sent ('Minor-Alarm Threshold'). Every 30 seconds, the rule's counters are
cleared ('Threshold Window'). If more than 25 malformed SIP messages are received
within this period, the device blacklists for 60 seconds the remote IP host ('Deny
Threshold') from where the messages were received.
7.
Configure an IDS Rule according to the parameters described in the table below.
8.
Click Apply, and then save your settings to flash memory.
9.
For example
Parameter
General
Index
rule-id
[IDSRule_RuleID]
Reason
reason
[IDSRule_Reason]
User's Manual
Figure 13-5: IDS Rule Table - Add Dialog Box
Table 13-4: IDS Rule Table Parameter Descriptions
Defines an index number for the new table record.
Defines the type of intrusion attack (malicious event).
[0] Any = All events listed below are considered as attacks
and are counted together.
[1] Connection abuse = (Default) TLS authentication failure.
[2] Malformed message =
Message exceeds a user-defined maximum message
length (50K)
Any SIP parser error
Message Policy match (see 'Configuring SIP Message
Policy Rules')
Basic headers not present
Content length header not present (for TCP)
Header overflow
[3] Authentication failure =
Local authentication ("Bad digest" errors)
Mediant 800B Gateway & E-SBC
Description
184
Document #: LTRT-10632
Advertisement
Table of Contents
