AudioCodes E-SBC

AudioCodes E-SBC

1414 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

CHAPTER14 Security

Mediant 1000 Gateway & E-SBC | User's Manual

Parameter Description

[IDSRule_RuleID]

'Reason'

reason

[IDSRule_Reason]

Defines the type of intrusion attack (malicious event).

■ [0] Any = All events listed below are considered as attacks and

are counted together.

■ [1] Connection abuse = (Default) Connection failures, which

includes the following:

✔ Incoming TLS authentication (handshake) failure

✔ Incoming WebSocket connection establishment failure

■ [2] Malformed message = Malformed SIP messages, which

includes the following:

✔ Message exceeds a user-defined maximum message

length (50K)

✔ Any SIP parser error

✔ Message Policy match (see Configuring SIP Message

Policy Rules)

✔ Basic headers not present

✔ Content length header not present (for TCP)

✔ Header overflow

■ [3] Authentication failure = SIP authentication failure, which

includes the following:

✔ Local authentication ("Bad digest" errors)

✔ Remote authentication (SIP 401/407 is sent if original

message includes authentication)

■ [4] Dialog establish failure = SIP dialog establishment (e.g.,

INVITE) failure, which includes the following:

✔ Classification failure (see Configuring Classification Rules).

✔ Call Admission Control (CAC) threshold exceeded (see

Configuring Call Admission Control on page756)

✔ Routing failure (i.e., no routing rule was matched)

✔ Local reject by device (prior to SIP 180 response):

REGISTER not allowed due to IP Group's

'RegistrationMode' parameter, or SIP requests rejected

based on a registered users policy (configured by the SRD_

BlockUnRegUsers or SIPInterface_

BlockUnRegUsersblocks parameters).

✔ No user found when routing to a User-type IP Group (similar

to a SIP 404)

✔ Remote rejects (prior to SIP 18x response). To specify SIP

response codes to exclude from the IDS count, see

Configuring SIP Response Codes to Exclude from IDS on

page153.

✔ Malicious signature pattern detected (see Configuring

Malicious Signatures)

■ [5] Abnormal flow = SIP call flow that is abnormal, which

includes the following:

- 147 -

Table of Contents

Related product manuals

Preview: AudioCodes MP-124

AudioCodes MP-124

Preview: AudioCodes MediaPack

AudioCodes MediaPack

Preview: AudioCodes Mediant 800

AudioCodes Mediant 800

Preview: AudioCodes MP-26 series

AudioCodes MP-26 series

Preview: AudioCodes Mediant 1000

AudioCodes Mediant 1000

Preview: AudioCodes Mediant 1000B

AudioCodes Mediant 1000B

Preview: AudioCodes Mediant Series

AudioCodes Mediant Series

Preview: AudioCodes MediaPack MP-118

AudioCodes MediaPack MP-118

Preview: AudioCodes MediaPack MP-124

AudioCodes MediaPack MP-124

Preview: AudioCodes MediaPack Series

AudioCodes MediaPack Series

Preview: AudioCodes Media Pack MP-124

AudioCodes Media Pack MP-124

Preview: AudioCodes Mediant 800 Series

AudioCodes Mediant 800 Series