AudioCodes Mediant 4000 SBC User Manual page 374

CHAPTER 18 Core Entities
Classification
'Classification Failure Response
Type'
classification_fail_
response_type
[SIPInterface_
ClassificationFailureResponseType]
'Pre Classification Manipulation Set
ID'
preclassification-manset
[SIPInterface_
PreClassificationManipulationSet]
Parameter Description
Defines the SIP response code that the device sends
if a received SIP request (OPTIONS, REGISTER, or
INVITE) fails the SBC Classification process.
The valid value can be a SIP response code from 400
through 699, or it can be set to 0 to not send any
response at all. The default response code is 500
(Server Internal Error).
This feature is important for preventing Denial of
Service (DoS) attacks, typically initiated from the
WAN. Malicious attackers can use SIP scanners to
detect ports used by SIP devices. These scanners
scan devices by sending UDP packets containing a
SIP request to a range of specified IP addresses,
listing those that return a valid SIP response. Once
the scanner finds a device that supports SIP, it
extracts information from the response and identifies
the type of device (IP address and name) and can
execute DoS attacks. A way to defend the device
against such attacks is to not send a SIP reject
response to these unclassified "calls" so that the
attacker assumes that no device exists at such an IP
address and port.
Note:
■ The parameter is applicable only if you configure
the device to reject unclassified calls, which is
done using the 'Unclassified Calls' parameter
(see Configuring Classification
Assigns a Message Manipulation Set ID to the SIP
Interface. This lets you apply SIP message
manipulation rules on incoming SIP initiating-dialog
request messages (not in-dialog), received on this
SIP Interface, prior to the Classification process.
By default, no Message Manipulation Set ID is
defined.
To configure Message Manipulation rules, see
Configuring SIP Message
Note:
■ The Message Manipulation Set assigned to a SIP
Interface that is associated with an outgoing call,
is ignored. Only the Message Manipulation Set
assigned to the associated IP Group is applied to
the outgoing call.
■ If both the SIP Interface and IP Group associated
with the incoming call are assigned a Message
Manipulation Set, the one assigned to the SIP
Interface is applied first.
- 341 -
Mediant 4000 SBC | User's Manual
Rules).
Manipulation.