2.5 DSA Stateful Countermeasure Logic

Stateful countermeasures require maintenance of some State-Data (depending upon the countermeasure’s business logic) for validating various diameter messages. UDR is used for maintaining the State-Data record.

First the State-Data is created for the Subscriber when the reference diameter message is received (depending upon the countermeasure type, the reference diameter message varies). For subsequent diameter messages for that subscriber, the State-Data is used to validate against the incoming diameter message content.

Note:

Note: For all the stateful countermeasures (except Message Rate Monitoring (MsgRateMon)), the State-Data is created only after DSA processes the referenced diameter message. The countermeasures mark the non-vulnerable message as vulnerable if appropriate State-Data is not present for that subscriber.

Therefore, it is important that after a stateful countermeasure is enabled, all the outbound and inbound roamers must be forced to re-register, so DSA can process the reference diameter messages first or, alternatively, keep the stateful countermeasure’s Operating Mode as Detection Only.