User's Manual 182 Document #: LTRT-89730
Mediant 3000
Parameter Description
 Classification failure (see ''Configuring Classification Rules'' on
page 595)
Routing failure
Other local rejects (prior to SIP 180 response)
Remote rejects (prior to SIP 180 response)
 [5] Abnormal flow =
Requests and responses without a matching transaction user
(except ACK requests)
Requests and responses without a matching transaction
Threshold Scope
[IDSRule_ThresholdScope]
Defines the source of the attacker to consider in the device's detection
count.
 [0] Global = All attacks regardless of source are counted together
during the threshold window.
 [2] IP = Attacks from each specific IP address are counted
separately during the threshold window.
 [3] IP+Port = Attacks from each specific IP address:port are
counted separately during the threshold window. This option is
useful for NAT servers, where numerous remote machines use the
same IP address but different ports. However, it is not
recommended to use this option as it may degrade detection
capabilities.
Threshold Window
[IDSRule_ThresholdWindow]
Defines the threshold interval (in seconds) during which the device
counts the attacks to check if a threshold is crossed. The counter is
automatically reset at the end of the interval.
The valid range is 1 to 1,000,000. The default is 1.
Minor-Alarm Threshold
[IDSRule_MinorAlarmThresh
old]
Defines the threshold that if crossed a minor severity alarm is sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not
defined.
Major-Alarm Threshold
[IDSRule_MajorAlarmThresh
old]
Defines the threshold that if crossed a major severity alarm is sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not
defined.
Critical-Alarm Threshold
[IDSRule_CriticalAlarmThres
hold]
Defines the threshold that if crossed a critical severity alarm is sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not
defined.
Deny Threshold
[IDSRule_DenyThreshold]
Defines the threshold that if crossed, the device blocks (blacklists) the
remote host (attacker).
The default is -1 (i.e., not configured).
Note: The parameter is applicable only if the 'Threshold Scope'
parameter is set to IP or IP+Port.
Deny Period
[IDSRule_DenyPeriod]
Defines the duration (in sec) to keep the attacker on the blacklist.
The valid range is 0 to 1,000,000. The default is -1 (i.e., not
configured).
To Next Page
Loading...
Need help?
General
