Setup Advanced Firewall
The ConnexCS uses a threat detection system to blacklist attackers.
Threat Detection System¶
Threat Detection is always on and, along with other key identifiers, analysing traffic hitting our platform. It primarily pays attention to authentication failures on both registration and firewall of a particular threshold. If certain criteria is exceeded the system will issue a system wide block.
Should this happen to an IP address of your customer / carrier, you can remove it by clicking on checkbox by the IP address and clicking on the delete icon.
If you have a customer or carrier who sends a large volume of unauthorized calls, it is possible that they will be added to the Block list.
You may see attempts hitting your switch which are not authorized and then fail. These are attempts which our system has successfully declined the call to process. There is no need to take further action to stop these calls.
It is important that calls such as these are visible for 2 reasons.
- If we block an IP address too quickly, this may be a customer who is trying to interconnect with you. Once blocked, you lose the ability to view debugging information as the packets are dropped prior to logging.
- If we block too soon, we lose the ability to ascertain any attack patterns and profiling information on an attack. Having some data allows us to see progressive attacks spanning multiple IP addresses.
It can take up to 15 minutes after an IP has been removed from the block list before it is updated across the entire platform.