Sip Denial Of Service Mitigation - Nortel 5100 Release Note

94 End user software features
•
•
•
•
•
•
•

SIP Denial of Service mitigation

Denial of Service (DoS) attacks have a serious impact on system
performance. This feature provides a mechanism to protect the call server
from such attacks.
To protect the server, the Session Manager tracks repeated SIP requests.
When the threshold number of request is exceeded, subsequent requests
are temporarily blocked, so that the MCS drops all SIP requests from the
request source. The activity from the IP address is blocked for a configured
amount of time, before access is restored.
The threshold detection and lockout characteristics are configured using the
System Management Console. The SIPDoS Engineering parameter group
is available for the following Network Elements: Session Manager, IP Client
Manager (IPCM), Provisioning Client (PROV) and Personal Agent (PA).
The following are the parameters.
•
•
•
Copyright © 2007, Nortel Networks
.
MCS 5100 Feature Description Guide (NN42020-125)
Interworking Fundamentals (NN42020-127)
MCS 5100 Overview (NN42020-143)
Provisioning Client User Guide (NN42020-105)
Enhanced 911 Fundamentals (NN42020-132)
Provisioning Manager Fundamentals (NN42020-111)
Feature Description Guide (NN42020-125)
LockoutAudit Duration: The interval in seconds of the mark and sweep
audit used to clear the lockout condition.
— range: 1 to maxint
— default: 60
MaxNumberLockouts: The maximum number of source IP addresses
that can be locked out at the same time.
— range: 1 - 10 000
— default: 10 000
AlarmThresholds: The threshold for the distributed DoS alarms,
indicating the number of endpoints that are locked out. The values are
expressed as a percentage of the MaxNumLockout value, and represent
the minor, major and critical alarms.
— minor alarm (first value) default is 10%
— major alarm (second value) default is 50%
Nortel Multimedia Communication Server 5100
New in this Release
NN42020-404 03.08 Standard
Release 4.0 11 September 2007