EasyManuals Logo

AudioCodes Mediant 2000 User Manual

AudioCodes Mediant 2000
702 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #147 background imageLoading...
Page #147 background image
Version 6.6 147 Mediant 2000
User's Manual 12. Security
Table 12-2: IDS Rule Table Parameters
Parameter Description
Index
CLI: rule-id
[IDSRule_RuleID]
Defines the table row number for the rule.
Reason
CLI: reason
[IDSRule_Reason]
Defines the type of intrusion attack (malicious event).
 [0] Any = All events listed below are considered as attacks and
are counted together.
 [1] Connection abuse (default) = TLS authentication failure.
 [2] Malformed message =

Message exceeds a user-defined maximum message length
(50K)

Any SIP parser error

Message Policy match (see Configuring SIP Message Policy
Rules)

Basic headers not present

Content length header not present (for TCP)

Header overflow
 [3] Authentication failure =

Local authentication ("Bad digest" errors)

Remote authentication (SIP 401/407 is sent if original
message includes authentication)
 [4] Dialog establish failure =

Classification failure (see Configuring Classification Rules)

Routing failure

Other local rejects (prior to SIP 180 response)

Remote rejects (prior to SIP 180 response)
 [5] Abnormal flow =

Requests and responses without a matching transaction user
(except ACK requests)

Requests and responses without a matching transaction
(except ACK requests)
Threshold Scope
CLI: threshold-scope
[IDSRule_ThresholdScope
]
Defines the source of the attacker to consider in the device's
detection count.
 [0] Global = All attacks regardless of source are counted together
during the threshold window.
 [2] IP = Attacks from each specific IP address are counted
separately during the threshold window.
 [3] IP+Port = Attacks from each specific IP address:port are
counted separately during the threshold window. This option is
useful for NAT servers, where numerous remote machines use
the same IP address but different ports. However, it is not
recommended to use this option as it may degrade detection
capabilities.
Threshold Window
CLI: threshold-window
[IDSRule_ThresholdWindo
w]
Defines the threshold interval (in seconds) during which the device
counts the attacks to check if a threshold is crossed. The counter is
automatically reset at the end of the interval.
The valid range is 1 to 1,000,000. The default is 1.

Table of Contents

Other manuals for AudioCodes Mediant 2000

Preview: Installation Guide
Installation Guide44 pages
Preview: Installation Manual
Installation Manual44 pages
Preview: Hardware Installation Manual
Hardware Installation Manual30 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the AudioCodes Mediant 2000 and is the answer not in the manual?

AudioCodes Mediant 2000 Specifications

General IconGeneral
BrandAudioCodes
ModelMediant 2000
CategoryGateway
LanguageEnglish

Related product manuals