96 SBC session border controllers
4.1.8.7 DoS protection
This menu is used to configure DoS protection settings.
Security –> DoS protection
The SBC counters the following attacks:
– ICMP flood — attack with multiple ICMP requests;
– Port Scan — port scanning;
– SIP flood — attacks over SIP aimed at brute-forcing user passwords, flooding with requests to forbidden directions, and scanning for valid numbers;
– RTP flood — flooding on ports used to transmit media data in order to degrade the quality of service;
– User-Agent filtering — the SBC holds a blocklist of standard User-Agent strings of various utilities that can be used for SIP attacks. User-Agent matching is not case-sensitive.
DoS protection settings:
– DoS defense — general setting that activates all other protections;
– Enable ICMP flood defense — when activated, the SBC will not respond to ICMP type 8 (echo) and ICMP
type 13 (timestamp) requests;
– Enable Port Scan detection — this mode checks for overly frequent requests to different ports from the same address;
– Enable prohibited user agents — filtering SIP requests by User-Agent. When you activate this option, a list of banned User-Agents will appear on the right. On this list you can:
    – Add a new User-Agent with the «Add» button. A window will appear where you can select either one of the preset options or enter your own by selecting «other» from the drop-down list;
    – Change any position in the list. To do this, select the position and click «Edit»;
    – Remove any position from the list. To do this, select the position and click «Delete».
– Enable RTP flood defense — activates detection of hosts sending voice traffic to inactive media ports, or to
media ports that are already in use for voice communications. A host is considered a flooder if it sends
unwanted traffic for more than five seconds.
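
The RTP flood rule above, sketched as detection logic over constructed packet records. This is an added example, not the SBC's own code: the session table, the peer-matching test for "port already in use" and the MAX_GAP burst reset are assumptions made for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "ts src_ip src_port dst_port")

FLOOD_SECONDS = 5.0  # from the manual: flooder after more than five seconds
MAX_GAP = 1.0        # assumption: a pause longer than this ends a burst


def is_unwanted(pkt, sessions):
    """sessions maps local media port -> (peer_ip, peer_port) of the active call."""
    peer = sessions.get(pkt.dst_port)
    if peer is None:
        return True  # media port is inactive
    return (pkt.src_ip, pkt.src_port) != peer  # port belongs to another call


def find_flooders(packets, sessions):
    """Return source IPs whose unwanted traffic lasts longer than FLOOD_SECONDS."""
    burst = {}  # src_ip -> (burst_start_ts, last_seen_ts)
    flooders = set()
    for pkt in sorted(packets, key=lambda p: p.ts):
        if not is_unwanted(pkt, sessions):
            continue
        start, last = burst.get(pkt.src_ip, (pkt.ts, pkt.ts))
        if pkt.ts - last > MAX_GAP:
            start = pkt.ts  # burst was interrupted, start over
        burst[pkt.src_ip] = (start, pkt.ts)
        if pkt.ts - start > FLOOD_SECONDS:
            flooders.add(pkt.src_ip)
    return flooders


# Constructed sample data (documentation address ranges, not real traffic).
SESSIONS = {20000: ("192.0.2.10", 30000)}  # one active call on port 20000


def sample_packets():
    pkts = []
    for i in range(70):  # 7 s at 10 packets per second
        t = i / 10
        pkts.append(Packet(t, "192.0.2.10", 30000, 20000))    # legitimate peer
        pkts.append(Packet(t, "198.51.100.7", 40000, 20000))  # hits a busy port
        pkts.append(Packet(t, "203.0.113.9", 41000, 20002))   # hits an inactive port
    for i in range(30):  # 3 s only: stays below the threshold
        pkts.append(Packet(i / 10, "198.51.100.99", 42000, 20004))
    return pkts


if __name__ == "__main__":
    print(sorted(find_flooders(sample_packets(), SESSIONS)))
```

Matching the source against the negotiated peer is only one way to recognise traffic aimed at a port that is already in use; behind NAT the real peer address can differ from the one signalled in SDP.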