Figure 30: configure dynamic defense – Grandstream UCM6510 User Manual User Manual

Firmware Version 1.0.2.5

UCM6510 IP PBX User Manual

Page 59 of 313

Periodical Time

Interval

Configure the dynamic defense periodic time interval (in minutes). If the number

of TCP connections from a host exceeds the “Connection Threshold” within this

period, this host will be added into Blacklist. The valid value is between 1 and 59

when dynamic defense is turned on. The default setting is 59.

Blacklist Update

Interval

Configure the blacklist update time interval (in seconds). The default setting is

120. This defines how long the IP will be blocked once added into the UCM6510

blacklist. For example, if it’s set to 300 seconds, the blocked IP address will only

be able to establish TCP connection with the UCM6510 again after 300

seconds.

Connection

Threshold

Configure the connection threshold. Once the number of connections from the

same host reaches the threshold during “Periodical Time Interval”, it will be

added into the blacklist. The default setting is 100.

Dynamic Defense

Whitelist

Configure the dynamic defense whitelist. This is a list of IPs that will not be

blocked by the UCM6510. For example,

192.168.1.3

192.168.1.4

The following figure shows a configuration example like this:

• If a host at IP address 192.168.40.7 initiates more than 20 TCP connections to the UCM6510 within 1

minute, it will be added into UCM6510 blacklist.

• This host 192.168.40.7 will be blocked by the UCM6510 for 300 seconds.
• Since IP address 192.168.40.5 is in whitelist, if the host at IP address 192.168.40.5 initiates more than

20 TCP connections to the UCM6510 within 1 minute, it will not be added into UCM6510 blacklist. It

can still establish TCP connection with the UCM6510.

Figure 30: Configure Dynamic Defense