Brekeke SIP Server Wiki

Block List Settings

[General] section

Block list feature can be turned on or off, and adjust cache size.
When [Block Failed Username] is set on, the blocked failed-authentication user names will be added at [Blocked User Name] page.
When [Blocked Log] is set off, blocked activities will not be added to [Logs] > [Blocked Logs]

 

[Attempt Tracking/Monitoring] section

You can adjust detection frequency for attacking attempts.
If the attacking attempts meet the tracking frequency setting in [Invalid Destination], [Invalid Packet], [Multiple Accesses] and [Prefix Scan] fields and are sent from the same IP address, this IP address will be added to [Blocked IP Address] page automatically.

The failed authentication user names will be added to [Blocked User Name] page automatically if the failed authentication attempts from different IP addresses are using the same failed authentication user name and meet the tracking frequency setting in the [Failed Authentication] field.

 

[Notify to Other Brekeke SIP Servers] section

When this feature is set on, the blocked IP addresses in current Brekeke SIP Server [Blocked IP Address] page will be updated on the remote Brekeke SIP Server(s) located at IP(s) set in [IP addresses] field.
Multiple remote IP addresses or domanin name can be set in [IP addresses or FQDN] field, separated by comma, such as, 192.168.200.1,192.168.200.2.

The following Dial Plan rule is needed at remote Brekeke SIP Server to accept the blocked IP notification:

---------------------
[Matching Patterns]
$request = ^MANAGEMENT
$addr = <Brekeke_SIP_Server_IP>
Command = (.+)

[Deploy Patterns]
$action = %1
---------------------

Replace <Brekeke_SIP_Server_IP> with the Brekeke SIP Server IP address with [Notify to Other Brekeke SIP Servers] setup.

 

Related Links
Yes No
Suggest Edit