How to read / understand the auto defense rules?
What is each line doing and how it works?
This is the part I found, but it is not telling very much.
To my understanding, AUTO-Defence is like traffic speed control.
The first line of the default auto defense allows 120 SIP packets (which use port UDP 5060 by default) coming into S PBX in 60 seconds. Other rules are similar.
Hi Oscar,
That's what I understand too, but directly under it, it has a line with 40/2s on the same UDP 5060 port.
Why does that line specify 40 packets with 2 seconds, and what is a packet?
For me it's a bit strange how to read the firewall rules. I have a customer without any advanced firewall, something that I always prefer to have in front of the network, but I still wanna try to make it as secure as possible.
Hi Carlo,
Firewall rules take effect from the top to the bottom. Only when all the rules are matched will the packets or connection be allowed to go through.
Let me show you an example:
Assume a hacker tries to guess the password by sending SIP register packets into the S Series PBX, and he sends 50 SIP packets per second and stops for 2 minutes. The first rule will allow these packets to go into the S Series, as it doesn't go beyond the rule. But the second rule will stop it.
Hope the example makes sense.
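The two UDP 5060 rules discussed above (120 packets in 60 seconds, 40 packets in 2 seconds), modelled as per-source sliding-window counters. This is an added example, not code from any poster or from the PBX; the window model, the function name `simulate` and the traffic timestamps are assumptions constructed for illustration, since the thread does not say how the PBX counts packets.

```python
from collections import deque

# The two default UDP 5060 rules quoted in the thread: (max packets, window in seconds).
RULES = [(120, 60.0), (40, 2.0)]

def simulate(timestamps, rules=RULES):
    """Return (accepted_count, first_drop) for packets from one source IP.

    Assumed model: every rule keeps a sliding window of the packets seen from
    the source (dropped ones included), and a packet passes only if it stays
    within the limit of every rule.
    """
    windows = [deque() for _ in rules]
    accepted, first_drop = 0, None
    for t in sorted(timestamps):
        violated = None
        for (limit, span), win in zip(rules, windows):
            while win and win[0] <= t - span:   # forget packets older than the window
                win.popleft()
            win.append(t)
            if violated is None and len(win) > limit:
                violated = (limit, span)
        if violated is None:
            accepted += 1
        elif first_drop is None:
            first_drop = (round(t, 3), violated)
    return accepted, first_drop

# Constructed traffic patterns (seconds since the first packet).
BURST = [i / 50 for i in range(50)]        # 50 packets in one second, then silence
STEADY = [i / 3 for i in range(180)]       # 3 packets per second for a minute
PHONE = [60 * k + 0.1 * j for k in range(10) for j in range(4)]  # 4 packets a minute

if __name__ == "__main__":
    for name, ts in (("burst", BURST), ("steady", STEADY), ("phone", PHONE)):
        print(name, simulate(ts))
```

In this model the burst stays under 120/60s but is cut off by 40/2s, while the slow steady sender stays under 40/2s and is caught by 120/60s instead, which is why both lines exist for the same port.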
Thanks Oscar,
I'm gonna try to do some things with these rules. Hope I don't lock myself out ;)
Hi Oscar -
I have a user that is using a Bria softphone app on their iPhone. They are often on the road and coming in from different IPs. I find that the PBX blocks them quite often. Do you know of any good ways to prevent this without weakening the firewall?
Thanks.
Stephen,
I found one setting that might help, see the screenshot below:
With this setting, it is possible to "lock" the extension to a specific "user agent". You can try to find out the user agent string that the Bria softphone sends to the S PBX and fill in the User Agent field.
Note: It would be better if it is possible to customize the user agent on the softphone, if not, this is not 100% secure.
IP address: blocked due to Too many failed registration attempts. Please check whether it is the normal operation of user. If yes, the administrator can delete the IP address from IP blacklist. If not, the system might have been attacked, please set a firewall rule to block the IP
Every day!!
What is the solution?