User's Manual 180 Document #: LTRT-10532
Mediant 500L Gateway & E-SBC
Parameter Description
[4] Dialog establish failure =
Classification failure (see "Configuring Classification Rules" on page 677). This also applies to calls rejected by the device based on a registered users policy (configured by the SRD_BlockUnRegUsers or SIPInterface_BlockUnRegUsersblocks parameters).
Routing failure
Other local rejects (prior to SIP 180 response)
Remote rejects (prior to SIP 180 response)
Malicious signature pattern detected (see "Configuring Malicious Signatures" on page 743)
[5] Abnormal flow =
Requests and responses without a matching transaction user (except ACK requests)
Requests and responses without a matching transaction (except
Threshold Scope
threshold-scope
[IDSRule_ThresholdScope]
Defines the source of the attacker to consider in the device's detection
count.
[0] Global = All attacks regardless of source are counted together during
the threshold window.
[2] IP = Attacks from each specific IP address are counted separately
during the threshold window.
[3] IP+Port = Attacks from each specific IP address:port are counted
separately during the threshold window. This option is useful for NAT
servers, where numerous remote machines use the same IP address
but different ports. However, it is not recommended to use this option as
it may degrade detection capabilities.
Threshold Window
threshold-window
[IDSRule_ThresholdWindow]
Defines the threshold interval (in seconds) during which the device counts
the attacks to check if a threshold is crossed. The counter is automatically
reset at the end of the interval.
The valid range is 1 to 1,000,000. The default is 1.
Alarms
Minor-Alarm Threshold
minor-alrm-thr
[IDSRule_MinorAlarmThreshold]
Defines the threshold that, if crossed, causes a minor severity alarm to be sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not defined.
Major-Alarm Threshold
major-alrm-thr
[IDSRule_MajorAlarmThreshold]
Defines the threshold that, if crossed, causes a major severity alarm to be sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not defined.
Critical-Alarm Threshold
critical-alrm-thr
[IDSRule_CriticalAlarmThreshold]
Defines the threshold that, if crossed, causes a critical severity alarm to be sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not defined.
Deny
Deny Threshold
deny-thr
Defines the threshold that, if crossed, causes the device to block (blacklist) the
remote host (attacker).
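The following is an added example, not taken from this manual and not the device's implementation: a simplified Python model of how Threshold Scope, Threshold Window and the alarm thresholds described above interact. The function names, sample addresses and threshold values are constructed; it assumes windows aligned to t=0 and treats a threshold as crossed when the counter reaches it.

```python
from collections import defaultdict

GLOBAL, IP, IP_PORT = 0, 2, 3   # Threshold Scope values from the table above

def scope_key(scope, ip, port):
    """Return the counter key that one event is charged to under a scope."""
    if scope == GLOBAL:
        return "global"
    return ip if scope == IP else (ip, port)

def evaluate(events, scope, window, thresholds):
    """Count events per scope key in fixed windows; return actions per key.

    events: (time_s, src_ip, src_port) tuples, one per detected attack.
    thresholds: action name -> count; 0 or -1 means not defined.
    Assumptions: windows are aligned to t=0, and a threshold counts as
    crossed when the counter reaches it.
    """
    counts = defaultdict(int)            # (window index, key) -> count
    for t, ip, port in events:
        counts[(int(t // window), scope_key(scope, ip, port))] += 1
    actions = defaultdict(set)
    for (_, key), n in counts.items():
        for name, thr in thresholds.items():
            if thr > 0 and n >= thr:
                actions[key].add(name)
    return dict(actions)

# Constructed sample: 12 events in 6 s from one address, each from a
# different source port, plus 3 events from a second address.
EVENTS = [(i * 0.5, "198.51.100.7", 40000 + i) for i in range(12)]
EVENTS += [(1.0 + i, "192.0.2.10", 5060) for i in range(3)]
THRESHOLDS = {"minor": 5, "major": 10, "critical": 15, "deny": -1}

if __name__ == "__main__":
    for label, scope in (("Global", GLOBAL), ("IP", IP), ("IP+Port", IP_PORT)):
        print(label, evaluate(EVENTS, scope, 10, THRESHOLDS))
```

With this sample and a 10-second window, IP scope attributes the burst to 198.51.100.7, Global scope reaches the critical threshold without identifying a source, and IP+Port scope raises nothing because no single address:port pair reaches a threshold.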