CHAPTER14 Security
Mediant 1000 Gateway & E-SBC | User's Manual
Parameter Description
[IDSRule_RuleID]
'Reason'
reason
[IDSRule_Reason]
Defines the type of intrusion attack (malicious event).
â– [0] Any = All events listed below are considered as attacks and
are counted together.
â– [1] Connection abuse = (Default) Connection failures, which
includes the following:
✔ Incoming TLS authentication (handshake) failure
✔ Incoming WebSocket connection establishment failure
â– [2] Malformed message = Malformed SIP messages, which
includes the following:
✔ Message exceeds a user-defined maximum message
length (50K)
✔ Any SIP parser error
✔ Message Policy match (see Configuring SIP Message
Policy Rules)
✔ Basic headers not present
✔ Content length header not present (for TCP)
✔ Header overflow
â– [3] Authentication failure = SIP authentication failure, which
includes the following:
✔ Local authentication ("Bad digest" errors)
✔ Remote authentication (SIP 401/407 is sent if original
message includes authentication)
â– [4] Dialog establish failure = SIP dialog establishment (e.g.,
INVITE) failure, which includes the following:
✔ Classification failure (see Configuring Classification Rules).
✔ Call Admission Control (CAC) threshold exceeded (see
Configuring Call Admission Control on page756)
✔ Routing failure (i.e., no routing rule was matched)
✔ Local reject by device (prior to SIP 180 response):
REGISTER not allowed due to IP Group's
'RegistrationMode' parameter, or SIP requests rejected
based on a registered users policy (configured by the SRD_
BlockUnRegUsers or SIPInterface_
BlockUnRegUsersblocks parameters).
✔ No user found when routing to a User-type IP Group (similar
to a SIP 404)
✔ Remote rejects (prior to SIP 18x response). To specify SIP
response codes to exclude from the IDS count, see
Configuring SIP Response Codes to Exclude from IDS on
page153.
✔ Malicious signature pattern detected (see Configuring
Malicious Signatures)
â– [5] Abnormal flow = SIP call flow that is abnormal, which
includes the following:
- 147 -
To Next Page
Loading...
Need help?
General
