DefensePro User Guide
Security Configuration
132
Document ID: RDWR-DP-V0602_UG1201
Configuring Global SIP Cracking Protection
SIP Cracking protection, which provides VoIP protection similar to FTP, POP3, and server-based
crack protections, is designed to detect and mitigate the following types of threats:
•
Brute-force and dictionary attacks—On registrar and proxies SIP servers.
•
SIP application scanning activities—On SIP servers and SIP phones.
•
SIP DoS flood attacks—On SIP servers and SIP phones. The types of attacks that are detected
through the SIP crack mechanism include those that use repeated spoofed register and invite
messages.
•
Pre-SPIT (Spam over IP Telephony) activities—TO TAG Invite messages are used.
DefensePro detects attacks based on the frequency and quantity of SIP reply codes.
DefensePro performs analysis of authentication, call initiation, registration processes, and reply
codes per source IP address and the SIP URI (SIP FROM).
A SIP server can send replies and error responses to clients either on the same connection or open a
new connection for this purpose. This is also applicable for UDP, where either the same flow or a new
one is used. To support such environments, the SIP Server Cracking Protection can monitor all
outgoing messages from the protected server to the SIP Application Port Group or from the SIP
Application Port Group.
When DefensePro detects an attack, it does the following:
•
Adds the source IP address of the attacker to the Suspend table. The suspend entry will have
both the SIP port and the server IP address.
•
Blocks all traffic from the attacker to the protected server and to the SIP Application Port group.
The device also drops existing sessions or flows from the attacker to the protected server and to
the Application Port Group.
Before you configure global SIP Cracking Protection, you must configure a profile that includes SIP
protection. For more information, see
Configuring Server Cracking Profiles for Server Protection,
.
To configure global SIP Cracking Protection
1. In the Configuration perspective Security Settings tab navigation pane, select SIP Cracking.
2. Configure the parameters; and then, click
(Submit) to submit the changes.
Содержание DefensePro 6.02
Страница 1: ...DefensePro User Guide Software Version 6 02 Document ID RDWR DP V0602_UG1201 January 2012 ...
Страница 2: ...DefensePro User Guide 2 Document ID RDWR DP V0602_UG1201 ...
Страница 20: ...DefensePro User Guide 20 Document ID RDWR DP V0602_UG1201 ...
Страница 28: ...DefensePro User Guide Table of Contents 28 Document ID RDWR DP V0602_UG1201 ...
Страница 116: ...DefensePro User Guide Device Network Configuration 116 Document ID RDWR DP V0602_UG1201 ...
Страница 256: ...DefensePro User Guide Managing Device Operations and Maintenance 256 Document ID RDWR DP V0602_UG1201 ...
Страница 274: ...DefensePro User Guide Monitoring DefensePro Devices and Interfaces 274 Document ID RDWR DP V0602_UG1201 ...
Страница 302: ...DefensePro User Guide Real Time Security Reporting 302 Document ID RDWR DP V0602_UG1201 ...
Страница 308: ...DefensePro User Guide Administering DefensePro 308 Document ID RDWR DP V0602_UG1201 ...
Страница 324: ...DefensePro User Guide Troubleshooting 324 Document ID RDWR DP V0602_UG1201 ...