Dynamic Defense; Fail2Ban; Figure 15: Ssh Connection Blocked By Ucm6100 - Grandstream Networks UCM6100 Manual Manual

Figure 15: SSH Connection Blocked by UCM6100

DYNAMIC DEFENSE

Dynamic defense is supported on UCM6102 and UCM6510 when LAN mode is set to "Route". It can be
configured from Web UI->Settings->Firewall->Dynamic Defense. Once enabled, it will try to blacklist
massive connection attempts or brute force attacks made by individual host.
The UCM6100 Dynamic Defense model also allows users to customize the connection threshold and time
interval, meaning users can manually set the period for the max connection made by individual IP address.
In addition, whitelist is supported so that certain hosts will not be blocked by Dynamic Defense.
For more configuration details, please refer to UCM6100 User Manual.

FAIL2BAN

Fail2Ban is mainly designed to detect and prevent intrusion for authentication errors in SIP REGISTER,
INVITE and SUBSCRIBE method. It can be configured from Web UI->Settings->Firewall->Fail2ban. Users
can customize the maximum retry times that one host can attempt in a period of time. If a host initiates
attempts which exceed maximum retry times, it will be banned by UCM6100 for a certain amount of time.
User can also add a whitelist for the host that will not be punished by this defensive mechanism.
Fail2Ban can be enabled in the UCM61xx web UI->Firewall->Fail2Ban. By default Fail2Ban is disabled
UCM6100 Security Manual Page 20 of 23