1. Diameter Security Application User Guide with UDR
  2. Understanding DSA Functionality and Logic
  3. DSA Stateless Countermeasure Logic
  4. Application-ID Whitelist Screening (AppIdWL)

2.4.1 Application-ID Whitelist Screening (AppIdWL)

This countermeasure screens the ingress diameter request message to check if the peer from which the message is received is allowed to send this diameter message.

This countermeasure considers the ingress diameter request message as vulnerable if any of these conditions are true:

  • The Application-ID of the ingress diameter message is not configured.
  • The Application-ID of the ingress diameter message is configured, but the Peer Configuration Set Name containing the peer from which the diameter message is received is not configured in the Foreign_WL_Peer_Cfg_Set of AppIdWL_Config Table.

    Apart from the mandatory configuration in DSA Mandatory Configuration, configure AppIdWL_Config Table for configuring allowed Application-ID and Peer list combinations used by this countermeasure for screening.