User's Manual 184 Document #: LTRT-10632
Mediant 800B Gateway & E-SBC
6. Click New; the following dialog box appears:
Figure 13-5: IDS Rule Table - Add Dialog Box
The figure above shows a configuration example: If 15 malformed SIP messages
('Reason') are received within a period of 30 seconds ('Threshold Window'), a minor
alarm is sent ('Minor-Alarm Threshold'). Every 30 seconds, the rule’s counters are
cleared ('Threshold Window'). If more than 25 malformed SIP messages are received
within this period, the device blacklists for 60 seconds the remote IP host ('Deny
Threshold') from where the messages were received.
7. Configure an IDS Rule according to the parameters described in the table below.
8. Click Apply, and then save your settings to flash memory.
9. For example
Table 13-4: IDS Rule Table Parameter Descriptions
Parameter Description
General
Index
rule-id
[IDSRule_RuleID]
Defines an index number for the new table record.
Reason
reason
[IDSRule_Reason]
Defines the type of intrusion attack (malicious event).
[0] Any = All events listed below are considered as attacks
and are counted together.
[1] Connection abuse = (Default) TLS authentication failure.
[2] Malformed message =
Message exceeds a user-defined maximum message
length (50K)
Any SIP parser error
Message Policy match (see 'Configuring SIP Message
Policy Rules')
Basic headers not present
Content length header not present (for TCP)
Header overflow
[3] Authentication failure =
Local authentication ("Bad digest" errors)
To Next Page
Loading...
