GRANDSTREAM GCC6000 Series Botnet Guide
Specifications
- Manufacturer: Grandstream Networks, Inc.
- Product Series: GCC6000 Series – Botnet Guide
- Supported Devices:
- Device Model GCC6010W
- Device Model GCC6010
- Device Model GCC6011
- Firmware Required: 1.0.1.7+ for all supported device models
Product Usage Instructions
Botnet Attack Prevention
- Navigate to Firewall Module > Intrusion Prevention > Botnet.
- Set Botnet IP to Block.
- You can also set Botnet Domain name to Block to prevent external users from launching attacks on a publicly accessible server.
Allowing Specific IP/Domain
If there are specific external users (e.g., remote workers) that you want to allow access, follow these steps:
- Add the public IP address or domain name of the allowed users to the exception list.
- This ensures that legitimate users are not blocked by the Botnet defense mechanism.
FAQ
Q: What firmware version is required for the supported device models?
A: Firmware version 1.0.1.7 or higher is required for Device Models GCC6010W, GCC6010, and GCC6011.
GCC6000 Series – Botnet Guide
Introduction
The GCC convergence device includes a protection feature against botnet attacks, the way the attack works is when an attacker, either from outside the network (WAN side) or inside the network (LAN side), coordinates multiple hosts infected with malware (bots), to perform a specific action while managed by a command-and-control (C&C) server.
The attacker can do that by either infecting many computers with malware, and controlling them using a C&C server to flood the target and make it unresponsive, or by performing the action from one powerful computer that sends web requests to the target from randomized different source IP addresses, both methods will have the same effect on the target: harm the availability of the service.
Botnet Defense Action
To prevent a Botnet Attack, Follow the below steps:
- Navigate to Firewall Module → Intrusion Prevention → Botnet
- Set Botnet IP to Block
- Additionally, you can set Botnet Domain name to Block, this will block external users from launching a Botnet attack on a locally hosted server accessible publicly with a domain name.
Botnet Configuration Confirmed
Once the prevention is enabled, if an external user attempts to flood your network by targeting the public IP of the gateway, it will be blocked and will be recorded in the security logs as shown below:
Details on Security Logs
In some cases, you will have a specific IP address or domain name, making several requests from outside the LAN to your internal network, and that you want to allow, for example, a remote worker who has the job of retrieving multiple information for an internal secured database, what you can do, is to add the public IP address of the remote worker that is connected through a VPN tunnel, to the list of IP/Domain name exception list.
It is advised to regularly update the protection database under Intrusion Prevention → Signature Library to ensure that all attack vectors and attack types are up to date. You can also create a schedule for the update.
Supported Devices
| Device Model | Firmware Required |
| GCC6010W | 1.0.1.7+ |
| GCC6010 | 1.0.1.7+ |
| GCC6011 | 1.0.1.7+ |
Need Support?
Can’t find the answer you’re looking for? Don’t worry we’re here to help!
CONTACT SUPPORT
Documents / Resources
 |
GRANDSTREAM GCC6000 Series Botnet Guide [pdf] User Guide GCC6010W, GCC6010, GCC6011, GCC6000 Series Botnet Guide, GCC6000 Series, Botnet Guide, Guide, Botnet |
