RedMax EXtreme EX-LRT Guía para resolver problemas Pagina 73

  • Descarga
  • Añadir a mis manuales
  • Imprimir
  • Pagina
    / 142
  • Tabla de contenidos
  • SOLUCIÓN DE PROBLEMAS
  • MARCADORES
  • Valorado. / 5. Basado en revisión del cliente
Vista de pagina 72
Oracle SBC Security Guide
Jan 15 12:22:48 172.30.60.12 ACMESYSTEM sipd[1c6e0b90] WARNING
SigAddr[access:192.168.24.40:0=low:DENY] ttl=3632 guard=798 exp=30
Demoted to Black-List (Too many admission control failures)
The IDS Reporting Feature Group will provide an ERROR message with further detail like this:
Nov 28 17:53:47 172.41.3.41 ACMESYSTEM sipd[2dcc32a4] ERROR [IDS_LOG]
SigAddr[access:192.168.101.120:0=low:DENY] ttl=86400 exp=30 Demoted to
Black-List (Too many messages) last msg rcvd=REGISTER sip:192.168.66.2
SIP/2.0
Nov 28 17:53:47 172.41.3.41 CSE-4500-6 sipd[2dcc32a4] ERROR Via:
SIP/2.0/UDP 192.168.190.144:20928;branch=z9hG4bKdeadb33f
Nov 28 17:53:47 172.41.3.41 CSE-4500-6 sipd[2dcc32a4] ERROR From:
<sip:[email protected]:20928>
Nov 28 17:53:47 172.41.3.41 CSE-4500-6 sipd[2dcc32a4] ERROR To:
<sip:[email protected]:5060>
Nov 28 17:53:47 172.41.3.41 CSE-4500-6 sipd[2dcc32a4] ERROR Call-ID:
Nov 28 17:53:47 172.41.3.41 CSE-4500-6 sipd[2dcc32a4] ERROR CSeq: 1
REGISTER
Nov 28 17:53:47 172.41.3.41 CSE-4500-6 sipd[2dcc32a4] ERROR Contact:
Nov 28 17:53:47 172.41.3.41 CSE-4500-6 sipd[2dcc32a4] ERROR User-agent:
UAC
Nov 28 17:53:47 172.41.3.41 CSE-4500-6 sipd[2dcc32a4] ERROR Max-
Forwards: 5
Nov 28 17:53:47 172.41.3.41 CSE-4500-6 sipd[2dcc32a4] ERROR Content-
Length: 0
Keep in mind that some small number of demotions will be normal in a network, and that there may be an
initial learning period where it’s crucial to understand:
What are the stable and “common” values of these counters
On-going demotions/promotions on ACLs and to which SIP UAs they refer to
Monitoring systems need to be configured to take these normal variations into account, and have
appropriate thresholds defined. Note that the thresholds, as well as the SBC DoS or CAC parameters may
need to be adjusted over time as the network being monitored grows and changes.
Authentication Failures used for Endpoint Demotion
Endpoints that have become trusted due to successful registration are entered into the registration cache.
The cache is used to store the user and location information for authenticated endpoints. It may also be
used to shield the registrar from having to respond to re-registrations by providing the SBC the data to
reply to a portion of re-registrations locally. However, if an endpoint fails re-registration, it will be
demoted from trusted to untrusted.
Similarly, if an endpoint sends an INVITE with authentication, but the credentials do not match what is
known to the registrar, it will be demoted as well.
In these cases, 401 or 407 responses are received from the registrar, and the demotion occurs.
Vista de pagina 72
1 2 ... 68 69 70 71 72 73 74 75 76 77 78 ... 141 142

Comentarios a estos manuales

Sin comentarios