Operation Manual

COMfortel 1400IP/2600IP/3600IP - Firmware V2.2G - Operation and Configuration V03 07/2015 547

Settings

Network

IP Blacklist and Whitelist as Protection Against Attacks from the Internet

As soon as the phone is connected to the Internet, it is at risk of being attacked, for example,

by DoS (Denial of Service) attacks, or attacks aimed at the internal SIP server, that come via

the Internet.

To prevent this, you can enable an IP blacklist.

Notes:

Switching IP Blacklist and Whitelist On/Off

If the PBX's IP blacklist is enabled, it monitors and evaluates network-based access

attempts, such as the number of data packets per second or SIP authentication failures.

If traffic from a particular IP address is judged as being too high - and therefore probably

malicious- this IP address is blocked. This means accesses from this IP address to the

telephone are blocked (block time). Initially this block lasts for five minutes. A note appears in

the status line on the Home screen. During the block time the telephone continues to monitor

traffic from this IP address. If traffic from this IP address to the PBX continues to be too high,

the single block time is extended (block time restarts).

Important: Switching off the IP blacklist and whitelist or restarting the

telephone deletes all the entries in the locking list.

You can switch the IP blacklist and whitelist functions on and off as follows:

• Using the configuration manager

You can display and delete blacklists that were set up automati-

cally:

• in the telephone, under Apps > Settings > Network >

Network > IP blacklist

• in the configuration manager on the Settings > Network >

Blacklist and whitelist settings screen

You can also enter IP addresses which should not be blocked

even though they receive a lot of data traffic:

• in the telephone, under Apps > Settings > Network >

Network > IP whitelist

• in the configuration manager on the Settings > Network >

Blacklist and whitelist settings screen