Block List Settings
Block list feature can be turned on or off, and adjust cache size.
When [Block Failed Username] is set on, the blocked failed-authentication user names will be added at [Blocked User Name] page.
When [Blocked Log] is set off, blocked activities will not be added to [Logs] > [Blocked Logs]
[Attempt Tracking/Monitoring] section
You can adjust detection frequency for attacking attempts.
If the attacking attempts meet the tracking frequency setting in [Invalid Destination], [Invalid Packet], [Multiple Accesses] and [Prefix Scan] fields and are sent from the same IP address, this IP address will be added to [Blocked IP Address] page automatically.
The failed authentication user names will be added to [Blocked User Name] page automatically if the failed authentication attempts from different IP addresses are using the same failed authentication user name and meet the tracking frequency setting in the [Failed Authentication] field.
[Notify to Other Brekeke SIP Servers] section
When this feature is set on, the blocked IP addresses in current Brekeke SIP Server [Blocked IP Address] page will be updated on the remote Brekeke SIP Server(s) located at IP(s) set in [IP addresses] field.
Multiple remote IP addresses or domanin name can be set in [IP addresses or FQDN] field, separated by comma, such as, 192.168.200.1,192.168.200.2.
The following Dial Plan rule is needed at remote Brekeke SIP Server to accept the blocked IP notification:
--------------------- [Matching Patterns] $request = ^MANAGEMENT $addr = <Brekeke_SIP_Server_IP> Command = (.+) [Deploy Patterns] $action = %1 ---------------------
Replace <Brekeke_SIP_Server_IP> with the Brekeke SIP Server IP address with [Notify to Other Brekeke SIP Servers] setup.