Version 6.8 259 Mediant 2600 E-SBC
User's Manual 17. Control Network
Parameter Description
Classification Failure Response Type
CLI: classification_fail_response_type
[SIPInterface_ClassificationFailure
ResponseType]
Defines the SIP response code that the device sends if a
received SIP request (OPTIONS, REGISTER, or INVITE)
has failed the SBC Classification process.
The valid value can be a SIP response code from 400
through 699, or it can be set to 0 to not send any response at
all. The default response code is 500 (Server Internal Error).
This feature is important for preventing Denial of Service
(DoS) attacks, typically initiated from the WAN. Malicious
attackers can use SIP scanners to detect ports used by SIP
devices. These scanners scan devices by sending UDP
packets containing a SIP request to a range of specified IP
addresses, listing those that return a valid SIP response.
Once the scanner finds a device that supports SIP, it
extracts information from the response and identifies the
type of device (IP address and name) and can execute DoS
attacks. A way to defend the device against such attacks is
to not send a SIP reject response to these unclassified
"calls" so that the attacker assumes that no device exists at
such an IP address and port.
Note: This parameter is applicable only if the device is set to
reject unclassified calls. This is configured using the
'Unclassified Calls' parameter on the General Settings page
(Configuration tab > VoIP menu > SBC > General Settings).
Web: Pre Classification ManSet
CLI: preclassification-manset
[SIPInterface_PreClassificationMani
pulationSet]
Assigns a Message Manipulation Set ID to the SIP Interface.
This lets you apply SIP message manipulation rules on
incoming SIP initiating-dialog request messages (not in-
dialog), received on this SIP Interface, prior to the
Classification process.
By default, no Message Manipulation Set ID is defined.
For configuring Message Manipulation Sets, see Configuring
SIP Message Manipulation on page 284.
Notes:
The Message Manipulation Set assigned to a SIP
Interface that is associated with an outgoing call, is
ignored. Only the Message Manipulation Set assigned to
the associated IP Group is applied to the outgoing call.
If
both the SIP Interface and IP Group associated with the
incoming call are assigned a Message Manipulation Set,
the one assigned to the SIP Interface is applied first.
To Next Page
Loading...
