Block Authentication Scan will ban any IP that try any invalid user or password to register a phone. You can configurate how many times have the IP to fail for been banned, at the same case you can configurate in how much time this chances will reset.

At the start you will need to create a new list:

• Networking → Traffic classes → Lists → Create new list called “blacklist”
• Then you have to block the IPs on this list, so:
• Secutiry → Firewall → Add input:
• x – Enabled
• Type: Input
• Traffic: x – Custom; Networtk: x – Source Address x – Lists: blacklist
• Action: Drop

After that you will create a trigger rule:

• Monitor → Trigger → Rules: Add
• x - Enabled
• Name: ban ip
• Priority: First
• Conditions: x – Custom; Variables: Variable text: Name: action Expresion: ^ban$
• Action: x – Custom; IP list : x – Add; ${network_ip}/32; List: blacklist

The last thing you need to do is to activate Authentication ban:

• Telephony → General → Authentication Ban:
• x – Enabled
• Max retry: 4
• Find time: 3600 Seconds
• Ban time: 60 Seconds
• Trigger class (Ban and unban events): default

Also you can create another trigger to unban the banned IPs:

• x – Enabled
• Name: unban ip
• Priority: First
• Conditions: x – Custom; Variables: Variable text: Name: action Expresion: ^unban$
• Action: x – Custom; IP list : x – Remove; ${network_ip}/32; List: blacklist