2.4.2 Application-ID and Command-Code Consistency Check (AppCmdCst)

This countermeasure screens each ingress Diameter request message to check whether the received Application-ID and Command-Code combination is allowed for the given Roamer Type.

This countermeasure considers the ingress Diameter request message vulnerable if either of these conditions is true:

  • The subscriber is an Inbound Roaming Subscriber, but the received Application-ID and Command-Code combination is not configured as allowable for an Inbound Roamer.
  • The subscriber is an Outbound Roaming Subscriber, but the received Application-ID and Command-Code combination is not configured as allowable for an Outbound Roamer.

In addition to the mandatory configuration discussed in DSA Mandatory Configuration, configure the AppCmdCst_Config table with the allowable Application-ID and Command-Code combinations for Inbound and Outbound Roamers. This countermeasure uses that table for screening.
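
The following is an added example, not code from the product or its documentation, showing the screening logic described above: it reads the Command-Code and Application-ID from a Diameter header (RFC 6733 layout) and checks the pair against a per-roamer-type allowlist. Assumptions: the ALLOWED table is a constructed stand-in for AppCmdCst_Config (whose schema is not shown here), its S6a entries are sample values rather than product defaults, the Roamer Type is determined elsewhere and passed in, and all function names are hypothetical.

```python
import struct

S6A = 16777251  # 3GPP S6a/S6d Application-ID

# Constructed sample allowlist standing in for AppCmdCst_Config (assumption).
ALLOWED = {
    "inbound": {(S6A, 317), (S6A, 319), (S6A, 320), (S6A, 322)},   # CLR, IDR, DSR, RSR
    "outbound": {(S6A, 316), (S6A, 318), (S6A, 321), (S6A, 323)},  # ULR, AIR, PUR, NOR
}


def parse_header(msg: bytes):
    """Return (is_request, command_code, application_id) from a Diameter header."""
    if len(msg) < 20:
        raise ValueError("a Diameter header is 20 bytes")
    ver_len, flags_cmd, app_id = struct.unpack("!III", msg[:12])
    if ver_len >> 24 != 1:
        raise ValueError("unsupported Diameter version")
    if ver_len & 0xFFFFFF < 20:
        raise ValueError("message length field is smaller than the header")
    is_request = bool((flags_cmd >> 24) & 0x80)  # R bit of the command flags
    return is_request, flags_cmd & 0xFFFFFF, app_id


def app_cmd_consistent(msg: bytes, roamer_type: str) -> bool:
    """True if the message passes the check, False if it should be flagged."""
    if roamer_type not in ALLOWED:
        raise ValueError("roamer_type must be 'inbound' or 'outbound'")
    is_request, command_code, app_id = parse_header(msg)
    if not is_request:
        return True  # the countermeasure screens request messages only
    return (app_id, command_code) in ALLOWED[roamer_type]


def build_header(command_code: int, app_id: int, request: bool = True) -> bytes:
    """Build a constructed 20-byte header (no AVPs) for the sample checks."""
    flags = 0x80 if request else 0x00
    return struct.pack("!IIIII", (1 << 24) | 20, (flags << 24) | command_code,
                       app_id, 0x1234, 0x5678)  # hop-by-hop / end-to-end ids


if __name__ == "__main__":
    ulr = build_header(316, S6A)  # constructed Update-Location-Request header
    for roamer in ("inbound", "outbound"):
        verdict = "allowed" if app_cmd_consistent(ulr, roamer) else "flagged"
        print(f"ULR on S6a for {roamer} roamer: {verdict}")
```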