AudioCodes Mediant 1000B User Manual page 151

User's Manual
6. Click Add; the following dialog box appears:
The figure above shows a configuration example. If 15 malformed SIP messages are
received within a period of 30 seconds, a minor alarm is sent. Every 30 seconds, the
rule's counters are cleared. In addition, if more than 25 malformed SIP messages are
received within this period, the device blacklists the remote IP host from where the
messages were received for 60 seconds.
7. Configure an IDS Rule according to the parameters described in the table below.
8. Click Submit, and then save ("burn") your settings to flash memory.
Parameter
Index
CLI: rule-id
[IDSRule_RuleID]
Reason
CLI: reason
[IDSRule_Reason]
Version 6.8
Figure 13-6: IDS Rule Table - Add Record
Table 13-4: IDS Rule Table Parameter Descriptions
Defines an index number for the new table record.
Defines the type of intrusion attack (malicious event).

[0] Any = All events listed below are considered as attacks
and are counted together.

[1] Connection abuse (default) = TLS authentication failure.

[2] Malformed message =







[3] Authentication failure =



[4] Dialog establish failure =




Description
Message exceeds a user-defined maximum message
length (50K)
Any SIP parser error
Message Policy match (see ''Configuring SIP Message
Policy Rules'')
Basic headers not present
Content length header not present (for TCP)
Header overflow
Local authentication ("Bad digest" errors)
Remote authentication (SIP 401/407 is sent if original
message includes authentication)
Classification failure (see ''Configuring Classification
Rules'' on page 522)
Routing failure
Other local rejects (prior to SIP 180 response)
Remote rejects (prior to SIP 180 response)
151
13. Security
Mediant 1000B Gateway & SBC