Figure 30: Configure Dynamic Defense - Grandstream Networks UCM6510 User Manual

Periodical Time
Interval
Blacklist Update
Interval
Connection
Threshold
Dynamic Defense
Whitelist
The following figure shows a configuration example like this:
If a host at IP address 192.168.40.7 initiates more than 20 TCP connections to the UCM6510 within 1
•
minute, it will be added into UCM6510 blacklist.
This host 192.168.40.7 will be blocked by the UCM6510 for 300 seconds.
•
Since IP address 192.168.40.5 is in whitelist, if the host at IP address 192.168.40.5 initiates more than
•
20 TCP connections to the UCM6510 within 1 minute, it will not be added into UCM6510 blacklist. It
can still establish TCP connection with the UCM6510.
Firmware Version 1.0.2.5
Configure the dynamic defense periodic time interval (in minutes). If the number
of TCP connections from a host exceeds the "Connection Threshold" within this
period, this host will be added into Blacklist. The valid value is between 1 and 59
when dynamic defense is turned on. The default setting is 59.
Configure the blacklist update time interval (in seconds). The default setting is
120. This defines how long the IP will be blocked once added into the UCM6510
blacklist. For example, if it's set to 300 seconds, the blocked IP address will only
be able to establish TCP connection with the UCM6510 again after 300
seconds.
Configure the connection threshold. Once the number of connections from the
same host reaches the threshold during "Periodical Time Interval", it will be
added into the blacklist. The default setting is 100.
Configure the dynamic defense whitelist. This is a list of Ips that will not be
blocked by the UCM6510. For example,
192.168.1.3
192.168.1.4
Figure 30: Configure Dynamic Defense
UCM6510 IP PBX User Manual Page 60 of 317