AudioCodes Mediant 4000 SBC User Manual page 182
Session border controllers
Hide thumbs
Also See for Mediant 4000 SBC:
- User manual (964 pages) ,
- Hardware installation manual (40 pages) ,
- User manual (822 pages)
Table of Contents
Advertisement
CHAPTER 14 Security
Parameter
'Threshold Scope'
threshold-scope
[IDSRule_
ThresholdScope]
'Threshold Window'
threshold-window
[IDSRule_
ThresholdWindow]
Alarms
'Minor-Alarm Threshold'
minor-alrm-thr
[IDSRule_
MinorAlarmThreshold]
'Major-Alarm Threshold'
major-alrm-thr
[IDSRule_
MajorAlarmThreshold]
'Critical-Alarm
Threshold'
critical-alrm-thr
[IDSRule_
CriticalAlarmThreshold]
Deny
'Deny Threshold'
deny-thr
[IDSRule_
DenyThreshold]
✔
Requests and responses without a matching transaction
user (except ACK requests)
✔
Requests and responses without a matching transaction
(except ACK requests)
Defines the source of the attacker to consider in the device's
detection count.
■
[0] Global = All attacks regardless of source are counted
together during the threshold window.
■
[2] IP = Attacks from each specific IP address are counted
separately during the threshold window.
■
[3] IP+Port = Attacks from each specific IP address:port are
counted separately during the threshold window. This option is
useful for NAT servers, where numerous remote machines use
the same IP address but different ports. However, it is not
recommended to use this option as it may degrade detection
capabilities.
Defines the threshold interval (in seconds) during which the device
counts the attacks to check if a threshold is crossed. The counter is
automatically reset at the end of the interval.
The valid range is 1 to 1,000,000. The default is 1.
Defines the threshold that if crossed a minor severity alarm is sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not
defined.
Defines the threshold that if crossed a major severity alarm is sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not
defined.
Defines the threshold that if crossed a critical severity alarm is sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not
defined.
Defines the threshold that if crossed, the device blocks (blacklists)
the remote host (attacker).
The default is -1 (i.e., not configured).
Note: The parameter is applicable only if the 'Threshold Scope'
parameter is set to IP or IP+Port.
- 149 -
Mediant 4000 SBC | User's Manual
Description
Advertisement
Table of Contents
Troubleshooting
