Mediant MSBR Reference Guide, Version 7.2
60. ids
Command Description
major-alrm-thr
    Defines the threshold that, if crossed, causes a major severity alarm to be sent.
minor-alrm-thr
    Defines the threshold that, if crossed, causes a minor severity alarm to be sent.
reason {abnormal-flow|any|auth-failure|connection-abuse|establish-
    Defines the type of intrusion attack.
threshold-scope {global
    Defines the source of the attacker to consider in the device's detection count.
threshold-window
    Defines the threshold interval (in seconds) during which the device counts the attacks to check whether a threshold is crossed.
Command Mode
Privileged User
Example
This example configures the following IDS policy rule: if 15 malformed SIP messages are received
within a period of 30 seconds, a minor alarm is sent. Every 30 seconds, the rule’s counters
are cleared. If more than 25 malformed SIP messages are received within this period, the
device blacklists the remote IP host from which the messages were received for 60 seconds:
(config-voip)# ids policy 0
(policy-0)# ids rule 1
(rule-0/1)# reason malformed-msg
(rule-0/1)# threshold-scope ip
(rule-0/1)# threshold-window 30
(rule-0/1)# deny-thr 25
(rule-0/1)# deny-period 60
(rule-0/1)# minor-alrm-thr 15
(rule-0/1)# major-alrm-thr 20
(rule-0/1)# critical-alrm-thr 25
(rule-0/1)# activate
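
The rule above can be replayed offline against sample traffic to see when each alarm and the blacklist action would fire. The following Python model is an added example, not AudioCodes code or device output. It assumes, from the wording of the example, that an alarm fires when the per-IP count reaches its threshold, that the source is blacklisted once the count exceeds deny-thr, and that messages from a blacklisted source are not counted; the function name evaluate and the sample addresses are constructed.

```python
from collections import defaultdict

# Values copied from the example rule on this page.
RULE = {"threshold-window": 30, "deny-thr": 25, "deny-period": 60,
        "minor-alrm-thr": 15, "major-alrm-thr": 20, "critical-alrm-thr": 25}
SEVERITIES = ("minor", "major", "critical")


def evaluate(events, rule=RULE):
    """Replay (timestamp_seconds, source_ip) malformed-message events.

    Model (assumption, taken from the example's wording): counters are kept
    per source IP (threshold-scope ip) and cleared at every threshold-window
    boundary; an alarm fires when the count reaches its threshold; the source
    is blacklisted for deny-period seconds once the count exceeds deny-thr.
    """
    window = rule["threshold-window"]
    counts = defaultdict(int)   # (ip, window index) -> messages counted
    raised = set()              # (ip, window index, severity) already reported
    denied_until = {}           # ip -> time at which the blacklist entry expires
    actions = []
    for ts, ip in sorted(events):
        if ts < denied_until.get(ip, 0):
            continue            # blacklisted source: message dropped, not counted
        key = (ip, ts // window)
        counts[key] += 1
        for sev in SEVERITIES:
            if counts[key] >= rule[f"{sev}-alrm-thr"] and key + (sev,) not in raised:
                raised.add(key + (sev,))
                actions.append((ts, ip, f"{sev}-alarm"))
        if counts[key] > rule["deny-thr"]:
            denied_until[ip] = ts + rule["deny-period"]
            actions.append((ts, ip, "blacklist"))
    return actions


# Constructed sample traffic (documentation address ranges, not real captures):
# one message per second from each of the first two sources, one per 3 s from the third.
burst = [(t, "198.51.100.7") for t in range(0, 29)]      # 29 messages in one window
moderate = [(t, "203.0.113.9") for t in range(30, 46)]   # 16 messages in one window
slow = [(t, "192.0.2.44") for t in range(0, 120, 3)]     # 10 messages per window

if __name__ == "__main__":
    for action in evaluate(burst + moderate + slow):
        print(action)
```

Changing the values in RULE and replaying recorded timestamps shows how a different threshold-window or deny-thr would have classified the same traffic before the change is made on the device.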