2.4.13 Session Id Validation Check (SesIdValChk)

This countermeasure screens each ingress Diameter request/answer message to verify that the Session Id AVP is the first AVP in the message.

The countermeasure considers an ingress Diameter request/answer message vulnerable if the Session Id AVP is not the first AVP in the message.

Note:

Appropriate ART configuration is required to route egress request messages (only those towards foreign networks) to DSA, so that ingress answer messages from the foreign peers can be screened for vulnerability by this countermeasure. For more information, refer to ART Configuration for DSA.
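
The position check described above can be reproduced offline against a captured message. The following is an added example, not DSA code: it parses the RFC 6733 wire format (20-byte Diameter header, then AVPs) and reports whether the first AVP is Session-Id (AVP code 263). The function names and the S6a sample values are constructed for illustration, and treating malformed or truncated input as failing the check is an assumption of this example.

```python
import struct

SESSION_ID_AVP_CODE = 263   # Session-Id AVP code (RFC 6733)
DIAMETER_HEADER_LEN = 20    # version, length, flags, command code, app id, hop-by-hop, end-to-end
AVP_FLAG_VENDOR = 0x80      # V bit: a 4-byte Vendor-Id follows the AVP header


def build_avp(code: int, data: bytes, flags: int = 0x40) -> bytes:
    """Encode a non-vendor AVP padded to a 4-byte boundary (helper for the constructed samples)."""
    length = 8 + len(data)  # the AVP length field excludes padding
    header = struct.pack("!IB", code, flags) + length.to_bytes(3, "big")
    return header + data + b"\x00" * (-length % 4)


def build_message(command_code: int, avps: list[bytes], flags: int = 0x80) -> bytes:
    """Encode a Diameter message; application id and hop/end identifiers are constructed."""
    body = b"".join(avps)
    total = DIAMETER_HEADER_LEN + len(body)
    header = (b"\x01" + total.to_bytes(3, "big") + bytes([flags])
              + command_code.to_bytes(3, "big") + struct.pack("!III", 16777251, 0x1111, 0x2222))
    return header + body


def session_id_is_first_avp(message: bytes) -> bool:
    """Return True only if the first AVP after the Diameter header is a well-formed Session-Id."""
    if len(message) < DIAMETER_HEADER_LEN + 8 or message[0] != 1:
        return False  # no room for one AVP header, or not Diameter version 1
    declared_len = int.from_bytes(message[1:4], "big")
    if declared_len != len(message):
        return False  # truncated or over-long buffer: AVP offsets cannot be trusted
    offset = DIAMETER_HEADER_LEN
    code, flags = struct.unpack_from("!IB", message, offset)
    avp_len = int.from_bytes(message[offset + 5:offset + 8], "big")
    header_len = 12 if flags & AVP_FLAG_VENDOR else 8
    if avp_len <= header_len or offset + avp_len > len(message):
        return False  # empty value, or a length field that runs past the message
    # Session-Id is a base-protocol AVP, so it must not carry a Vendor-Id.
    return code == SESSION_ID_AVP_CODE and not (flags & AVP_FLAG_VENDOR)


# Constructed samples: the same two AVPs in compliant and non-compliant order.
SID = build_avp(263, b"mme.example.net;1;1")
ORIGIN_HOST = build_avp(264, b"mme.example.net")
COMPLIANT = build_message(316, [SID, ORIGIN_HOST])
NON_COMPLIANT = build_message(316, [ORIGIN_HOST, SID])

if __name__ == "__main__":
    print(session_id_is_first_avp(COMPLIANT), session_id_is_first_avp(NON_COMPLIANT))
```

The non-compliant sample still carries a Session-Id AVP; only its position differs, which is the condition this countermeasure screens for.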