Configure the connection threshold. Once a host exceeds this threshold, it will
be added to the blacklist. Default setting is 100.
The following figure shows a configuration example like this:
• If a host at IP address 192.168.5.7 initiates more than 20 TCP connections to the UCM6200 within 1 minute,
it will be added into UCM6200 blacklist.
• This host 192.168.5.7 will be blocked by the UCM6200 for 500 seconds.
• Since IP range 192.168.5.100-192.168.5.200 is in whitelist, if a host initiates more than 20 TCP connections
to the UCM6200 within 1 minute, it will not be added into UCM6200 blacklist. It can still establish TCP
connection with the UCM6200.
Figure 29: Configure Dynamic Defense
Fail2ban
Fail2Ban feature on the UCM6200 provides intrusion detection and prevention for authentication errors in SIP
REGISTER, INVITE and SUBSCRIBE and prevents SIP brute force attacks on the PBX system.
Once an IP address exceeds the allowed number of login or SIP authentication attempts within the configured
"Max Retry Duration" period, all SIP and HTTP requests from that IP address will be dropped, forbidding web
access and blocking further authentication attempts.
To Next Page
Loading...
Need help?
General
