In 4.4, there is new dialogue in proxy>advanced. Penalize Threshold Violators (Default: checked) If set on true the IPs identified as threshold violators are automatically added on the black list Packets per Second (Default: 100) Number of packets per second allowed from an IP address before considering it a DoS attack. Every time this threshold is exceeded the Violation Rate value associated with this IP is incremented. Violation Rate (Default: 50) When this threshold is exceeded the IP address is added on the black list. Penalty Period (Default: 3600) Length of time (in milliseconds) that rate violators will be penalized. White List List of trusted IPs (comma separated values of IP addresses or subnet) that will be never added on the black list. Black List List of untrusted IPs (comma separated values of IP addresses or subnet) considered DoS Attackers.
Is this dialogue internal only to the proxy? If so, where does one view any violations? Are there any alarms, I don't see any in the list? If this is not internal to the proxy, is there a format/method for pushing it to a firewall? -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.326.5325 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Helpdesk Contract Customers: http://support.myitdepartment.net Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
