Untrusted Connection Timeout for TCP and TLS

You can configure the Oracle Communications Session Border Controller to protect against starvation attacks on socket-based transport (TCP or TLS) for SIP access applications. In such an attack, the attacker opens a large number of TCP/TLS connections on the Oracle Communications Session Border Controller and then keeps those connections open by sending SIP messages periodically. These SIP messages act as keepalives: they keep the sockets open and consume valuable resources.

Using its ability to promote endpoints to a trusted status, the Oracle Communications Session Border Controller now closes TCP/TLS connections for endpoints that do not enter the trusted state within the period of time set for the untrusted connection timeout. The attacking client is thus no longer able to keep connections alive by sending invalid messages.

This feature works by setting a value for the connection timeout, which the Oracle Communications Session Border Controller checks whenever a new SIP service socket for TCP or TLS is requested. If the timer’s value is greater than zero, the Oracle Communications Session Border Controller starts the timer. If the timer expires, the Oracle Communications Session Border Controller closes the connection. However, if the endpoint is promoted to the trusted state before then, the Oracle Communications Session Border Controller cancels the timer.
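
The timer logic described above, modeled on a virtual clock as an added example (this is not Oracle code or configuration). The class, method and peer names, the 30-second value, and the `promotes` flag standing in for whatever event promotes an endpoint to trusted are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Conn:
    peer: str
    deadline: Optional[float]  # None means no untrusted timer is running
    trusted: bool = False
    open: bool = True

class UntrustedConnTable:
    """Toy model of the per-socket untrusted connection timer."""
    def __init__(self, timeout_s: float):
        self.timeout_s = timeout_s
        self.conns = {}

    def accept(self, peer: str, now: float) -> None:
        # The timer is started only when the configured value is greater than zero.
        deadline = now + self.timeout_s if self.timeout_s > 0 else None
        self.conns[peer] = Conn(peer, deadline)

    def on_sip_message(self, peer: str, promotes: bool) -> None:
        # Traffic alone never extends the deadline; only promotion cancels it.
        c = self.conns[peer]
        if c.open and promotes:
            c.trusted, c.deadline = True, None

    def tick(self, now: float) -> list:
        # Close every open connection whose timer has expired.
        closed = []
        for c in self.conns.values():
            if c.open and c.deadline is not None and now >= c.deadline:
                c.open = False
                closed.append(c.peer)
        return closed

def simulate(timeout_s: float, seconds: int = 60) -> list:
    """Constructed scenario: one keepalive-only peer, one peer promoted at t=3."""
    table = UntrustedConnTable(timeout_s)
    table.accept("attacker", 0)
    table.accept("phone", 0)
    closed = []
    for now in range(1, seconds + 1):
        if now % 5 == 0:  # periodic SIP message that never earns trust
            table.on_sip_message("attacker", promotes=False)
        if now == 3:      # legitimate endpoint becomes trusted
            table.on_sip_message("phone", promotes=True)
        closed += [(now, peer) for peer in table.tick(now)]
    return closed

if __name__ == "__main__":
    print(simulate(30), simulate(0))
```

With a timeout of zero no timer is ever started, so in this model the keepalive-only connection stays open indefinitely.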