Implement Dynamic Blocklisting of Malicious Activity (IDS)
It's important to use the device's Intrusion Detection System (IDS) feature so that the device can detect malicious attacks targeting it (e.g., DoS, SPAM, and Theft of Service). It's crucial to be aware of any attacks to ensure that legitimate call service is always maintained. If any user-defined attacks are identified, the device can do the following:
■ Block (blocklist) remote hosts (IP addresses / ports) considered malicious. The device automatically blocks the malicious source for a user-defined period, after which it's removed from the blocklist.
■ Send SNMP traps to notify of the malicious activity and/or whether an attacker has been added to or removed from the blocklist.
The IDS configuration is based on IDS Policies, where each policy can be configured with a set of IDS rules. Each rule defines a type of malicious attack to detect and the number of attacks (alarm threshold) during an interval (threshold window) before an SNMP trap is sent. Each policy is then applied to a target under attack (SIP Interface) and/or source of attack (Proxy Set and/or subnet address).
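The threshold, window and block-period behavior described above can be modeled as follows. This is an added example, not the device's own code: the `Rule`, `Detector` and `replay` names, the event type `"malformed"`, and the simplification that one threshold both raises the trap and blocklists the source are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Rule:                  # hypothetical model of one IDS rule
    reason: str              # attack type the rule counts
    threshold: int           # alarm threshold (number of events)
    window: float            # threshold window, seconds
    block_period: float      # time a source stays on the blocklist, seconds

class Detector:
    def __init__(self, rule):
        self.rule = rule
        self.events = defaultdict(deque)   # source -> timestamps inside the window
        self.blocked_until = {}            # source -> blocklist expiry time
        self.traps = []                    # stand-in for SNMP traps

    def observe(self, now, src, reason):
        """Return False if the event is dropped because src is blocklisted."""
        for s, until in list(self.blocked_until.items()):
            if now >= until:               # block period over: remove and notify
                del self.blocked_until[s]
                self.traps.append((until, s, "removed from blocklist"))
        if src in self.blocked_until:
            return False
        if reason != self.rule.reason:
            return True
        q = self.events[src]
        q.append(now)
        while q and q[0] <= now - self.rule.window:   # forget events outside the window
            q.popleft()
        if len(q) >= self.rule.threshold:
            self.blocked_until[src] = now + self.rule.block_period
            q.clear()
            self.traps.append((now, src, "added to blocklist"))
        return True

def replay(rule, log):
    d = Detector(rule)
    return [d.observe(*event) for event in log], d.traps

# Constructed sample events: (time in seconds, source IP, event type)
SAMPLE = [(0, "198.51.100.7", "malformed"), (1, "192.0.2.10", "malformed"),
          (2, "198.51.100.7", "malformed"), (3, "198.51.100.7", "malformed"),
          (4, "198.51.100.7", "malformed"), (20, "192.0.2.10", "malformed"),
          (70, "198.51.100.7", "malformed")]

if __name__ == "__main__":
    print(replay(Rule("malformed", threshold=3, window=10, block_period=60), SAMPLE))
```

In the sample, the second source sends the same event type but spaced wider than the window, so it never reaches the threshold and is never blocked.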
➢ To configure IDS:
1. Open the IDS General Settings page (Setup menu > Signaling & Media tab > Intrusion Detection folder > IDS General Settings), and then from the 'Intrusion Detection System (IDS)' drop-down list, select Enable.
2. Open the IDS Policies table (Setup menu > Signaling & Media tab > Intrusion Detection folder > IDS Policies), and then configure an IDS policy "ITSP DoS", as shown selected below:
Configuring IDS Policy Name in IDS Policy Table
3. Open the IDS Rule table by clicking the IDS Rule link located below the IDS Policies table, and then configure IDS rules for the "ITSP DoS" IDS policy:
Configuring Rules in IDS Rule Table
4. Open the IDS Matches table (Setup menu > Signaling & Media tab > Intrusion Detection folder > IDS Matches), and then assign the IDS Policy to a specific SIP interface and subnet:
Applying IDS Policy to Elements in IDS Match Table