Viewing IDS Active Blocked List

The IDS Active Blocked List table displays the remote hosts that are currently blocked by the device's Intrusion Detection System (IDS).

For more information on IDS configuration, see Intrusion Detection System

For devices in High-Availability (HA) mode, all the table's entries are deleted upon an HA switchover.

The following procedure describes how to view the IDS Active Blocked List table through the Web interface. You can also view the table through CLI using the command, show voip ids blacklist active.

To view the active IDS blocked list:
Open the IDS Active Blocked List page (Monitor menu > Monitor tab > Network Status folder > IDS Active Blocked List).

IDS Active Blocked List Table Description

Field

Description

Remaining Time

The duration left until the device deletes the attacker (remote host) from the table and takes it off the IDS blocked list. The blocked period is configured by the 'Deny Period' (IDSRule_DenyPeriod) parameter.

Network Interface

The device's IP Interface on which the malicious attack was detected.

IP Address

The IP address of the attacker (remote host).

Port

The port of the attacker (remote host).

Note: The field is applicable only if the 'Threshold Scope' (IDSRule_ThresholdScope) parameter of the associated IDS rule is configured to IP+Port.

Transport Type

The transport type used for the attack.

Removal Key

A unique number (key) that the device assigns to the listed blocked entry. This is used if you want to remove a specific blocked entry from the table, which is done through the CLI command, clear voip ids blacklist <Removal Key>.