EasyManuals Logo

AudioCodes Mediant 3000 User Manual

AudioCodes Mediant 3000
1070 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #185 background imageLoading...
Page #185 background image
Version 7.0 185 Mediant 3000
User's Manual 14. Security
If the severity level is raised, the alarm of the former severity is cleared and the
device sends a new alarm with the new severity. The alarm is cleared after a
user-defined period (configured by the ini file parameter, IDSAlarmClearPeriod)
during which no thresholds have been crossed. However, this "quiet" period must
be at least twice the 'Threshold Window' value (configured in ''Configuring IDS
Policies'' on page 179). For example, if you set IDSAlarmClearPeriod to 20 sec
and 'Threshold Window' to 15 sec, the IDSAlarmClearPeriod parameter is
ignored and the alarm is cleared only after 30 seconds (2 x 15 sec).
The figure below displays an example of IDS alarms in the Active Alarms table
(''Viewing Active Alarms'' on page 737). In this example, a Minor threshold alarm
is cleared and replaced by a Major threshold alarm:
Figure 14-8: IDS Alarms in Active Alarms Table
acIDSBlacklistNotification event: The device sends this event whenever an attacker
(remote host at IP address and/or port) is added to or removed from the blacklist.
The device also sends IDS notifications and alarms in Syslog messages to a Syslog
server. This occurs only if you have configured Syslog (see ''Enabling Syslog'' on page
803). An example of a Syslog message with IDS alarms and notifications is shown below:
Figure 14-9: Syslog Message Example with IDS Alarms and Notifications
The table below lists the Syslog text messages per malicious event:
Table 14-6: Types of Malicious Events and Syslog Text String
Type Description Syslog String
Connection
Abuse
TLS authentication failure abuse-tls-auth-fail
Malformed
Messages
Message exceeds a user-defined maximum
message length (50K)
Any SIP parser error
Message policy match
Basic headers not present
Content length header not present (for TCP)
Header overflow
malformed-invalid-
msg-len
malformed-parse-error
malformed-message-
policy
malformed-miss-
header
malformed-miss-
content-len
malformed-header-
overflow
Authentication
Failure
Local authentication ("Bad digest" errors)
Remote authentication (SIP 401/407 is sent if
original message includes authentication)
auth-establish-fail
auth-reject-response
Dialog
Classification failure establish-classify-fail

Table of Contents

Other manuals for AudioCodes Mediant 3000

Preview: Installation Manual
Installation Manual90 pages
Preview: Hardware Installation Manual
Hardware Installation Manual88 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the AudioCodes Mediant 3000 and is the answer not in the manual?

AudioCodes Mediant 3000 Specifications

General IconGeneral
BrandAudioCodes
ModelMediant 3000
CategoryGateway
LanguageEnglish

Related product manuals