Viewing IDS Active Blacklist
You can view remote hosts that are currently blacklisted by the device's Intrusion Detection System (IDS) in the IDS Active Black List table. For more information on IDS configuration and blacklists, see Intrusion Detection System
The following procedure describes how to view the IDS Active Black List table through the Web interface. You can also view the table through CLI using the command, show voip ids blacklist active.
| ➢ | To view the active IDS blacklist: |
| ■ | Open the IDS Active Black List page (Monitor menu > Monitor tab > Network Status folder > IDS Active Black List). |
IDS Active Black List Table Description
|
Field |
Description |
|---|---|
|
Index |
Table row index. |
|
Network Interface |
The device's IP Interface on which the malicious attack was detected. |
|
IP Address |
The IP address of the attacker (remote host). |
|
Port |
The port of the attacker (remote host). Note: The field is applicable only if the 'Threshold Scope' (IDSRule_ThresholdScope) parameter of the associated IDS rule is configured to IP+Port. |
|
Transport Type |
The transport type used for the attack. |
|
Remaining Time |
The duration left until the device deletes the attacker (remote host) from the table and takes it off the IDS blacklist. The blacklisted period is configured by the 'Deny Period' (IDSRule_DenyPeriod) parameter. |
|
Removal Key |
A unique number (key) that the device assigns to the blacklisted entry. This is used if you want to remove a specific blacklisted entry from the table, which is done through the CLI command, clear voip ids blacklist <Removal Key>. |