2.4.12 Origin Host and Origin Realm Format Check (OhOrFrmChk)
This countermeasure screens the ingress diameter request/answer message for occurrence of Origin Host and Origin Realm AVPs in incoming Request and answer message.
This countermeasure considers the ingress diameter request/answer message as vulnerable if any of these conditions are true:
- If count of AVPs in message is greater than one.
- If format of both the AVPs is not correct.
Note:
Appropriate ART configuration needs to be done for routing the egress request messages (only towards foreign networks) to DSA so that ingress answer message from the foreign peers can be screened for vulnerability by this countermeasure. For more information, refer to ART Configuration for DSA.