User's Manual

Firmware Version 1.0.0.5

UCM6510 IP PBX User Manual

Page 33 of 192

DYNAMIC DEFENSE

Dynamic defense can blacklist hosts dynamically when the UCM6510 is set to "Route" under web

GUI->Settings->Network Settings->Basic Settings: Method. If enabled, the traffic coming into the

UCM6510 can be monitored, which helps prevent massive connection attempts or brute force attacks to the

device. The blacklist can be created and updated by the UCM6510 firewall, which will then be displayed in

the web page. Please refer to the following table for dynamic defense options on the UCM6510.

Table 11: UCM6510 Firewall Dynamic Defense

Dynamic Defense

Enable

Enable dynamic defense. The default setting is disabled.

Periodical Time

Interval

Configure the dynamic defense periodic time interval (in minutes). If the

number of TCP connections from a host exceeds the connection threshold

within this period, this host will be added into Blacklist. The valid value is

between 1 to 59 when dynamic defense is turned on. The default setting is

59.

Blacklist Update

Interval

Configure the blacklist update time interval (in seconds). The default setting is

120.

Connection

Threshold

Configure the connection threshold. Once the number of connections from

the same host reaches the threshold, it will be added into the blacklist. The

default setting is 100.

Dynamic Defense

Whitelist

Configure the dynamic defense whitelist.

For example,

192.168.1.3

192.168.1.4

FAIL2BAN

Fail2Ban feature on the UCM6510 provides intrusion detection and prevention for authentication errors in

SIP REGISTER, INVITE and SUBSCRIBE. Once the entry is detected within "Max Retry Duration", the

UCM6510 will take action to forbid the host for certain period as defined in "Banned Duration". This feature

helps prevent SIP brute force attacks to the PBX system.