Dynamic blacklisting is a feature that detects abnormal events from endpoints and blocks the traffic from those endpoints for a configured period of time. This feature is designed to detect misbehaving endpoints rather than prevent malicious attacks, for which the system already has other mechanisms. The DBL events and the actions to take for each event are configured by the user in a DBL profile with a set of DBL rules. The DBL profile is then assigned to a SIP trunk group. Any packets that come in to the system from that trunk group will be compared against the DBL rules configured in that DBL profile. When a source violates the conditions in a rule it can be added to the DBL, depending on the definition of the rule. Refer to Dbl Profile - Rule for more information.
To Remove an Entry from the Dynamic Blacklist
- On the SBC main screen, go to Monitoring > Security > Dynamic Black List or
All > Address Context > Dynamic Black List Select the address context from the Address Context list. The Commands list appears as shown below.
Figure 1: Dynamic Black List CommandsSelect Remove Entry from the Commands list and click Select. The removeEntry window opens.
Figure 2: removeEntry WindowIn Source IP Address, enter the source IP address associated with the DBL entry you want to remove.
- Click removeEntry.