CHAPTER14 Security
Mediant 800 Gateway & E-SBC | User's Manual
Parameter Description
✔ Requests and responses without a matching transaction
user (except ACK requests)
✔ Requests and responses without a matching transaction
(except ACK requests)
'Threshold Scope'
threshold-scope
[IDSRule_
ThresholdScope]
Defines the source of the attacker to consider in the device's
detection count.
■ [0] Global = All attacks regardless of source are counted
together during the threshold window.
■ [2] IP = Attacks from each specific IP address are counted
separately during the threshold window.
■ [3] IP+Port = Attacks from each specific IP address:port are
counted separately during the threshold window. This option is
useful for NAT servers, where numerous remote machines use
the same IP address but different ports. However, it is not
recommended to use this option as it may degrade detection
capabilities.
'Threshold Window'
threshold-window
[IDSRule_
ThresholdWindow]
Defines the threshold interval (in seconds) during which the device
counts the attacks to check if a threshold is crossed. The counter is
automatically reset at the end of the interval.
The valid range is 1 to 1,000,000. The default is 1.
Alarms
'Minor-Alarm Threshold'
minor-alrm-thr
[IDSRule_
MinorAlarmThreshold]
Defines the threshold that if crossed a minor severity alarm is sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not
defined.
'Major-Alarm Threshold'
major-alrm-thr
[IDSRule_
MajorAlarmThreshold]
Defines the threshold that if crossed a major severity alarm is sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not
defined.
'Critical-Alarm
Threshold'
critical-alrm-thr
[IDSRule_
CriticalAlarmThreshold]
Defines the threshold that if crossed a critical severity alarm is sent.
The valid range is 1 to 1,000,000. A value of 0 or -1 means not
defined.
Deny
'Deny Threshold'
deny-thr
[IDSRule_
DenyThreshold]
Defines the threshold that if crossed, the device blocks (blacklists)
the remote host (attacker).
The default is -1 (i.e., not configured).
Note: The parameter is applicable only if the 'Threshold Scope'
parameter is set to IP or IP+Port.
- 151 -
To Next Page
Loading...
