Untrusted Connection Timeout for TCP and TLS

You can configure the Oracle Communications Core Session Manager for protection against starvation attacks for socket-based transport (TCP or TLS) for SIP access applications. In such an attack, the attacker opens a large number of TCP/TLS connections on the Oracle Communications Core Session Manager and then keeps those connections open by sending SIP messages periodically. These SIP messages act as keepalives: they keep sockets open and consume valuable resources.

Using its ability to promote endpoints to a trusted status, the Oracle Communications Core Session Manager now closes TCP/TLS connections for endpoints that do not enter the trusted state within the period of time set for the untrusted connection timeout. The attacking client is thus no longer able to keep connections alive by sending invalid messages.

This feature works by setting a value for the connection timeout, which the Oracle Communications Core Session Manager checks whenever a new SIP service socket for TCP or TLS is requested. If the timer’s value is greater than zero, then the Oracle Communications Core Session Manager starts it. If the timer expires, then the Oracle Communications Core Session Manager closes the connection. However, if the endpoint is promoted to the trusted state, then the Oracle Communications Core Session Manager will cancel the timer.
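The timer behavior described above can be modeled in a few lines of Python. This is an added illustration, not Oracle code: the class, the event names, the connection ids, and the 30-second value are all assumptions, and the event list is constructed sample data.

```python
class UntrustedConnGuard:
    """Illustrative model of the timer logic described above (not Oracle code)."""

    def __init__(self, timeout_s):
        self.timeout_s = timeout_s   # 0 means no timer is started
        self.deadline = {}           # conn_id -> absolute expiry time of a running timer
        self.open = set()

    def on_accept(self, conn_id, now):
        self.open.add(conn_id)
        if self.timeout_s > 0:       # timer starts only for a value greater than zero
            self.deadline[conn_id] = now + self.timeout_s

    def on_message(self, conn_id):
        # Traffic from an untrusted endpoint never touches the deadline, so
        # periodic keepalives cannot hold the socket open.
        return conn_id in self.open

    def on_promoted(self, conn_id):
        self.deadline.pop(conn_id, None)   # trusted: cancel the timer

    def tick(self, now):
        expired = sorted(c for c, d in self.deadline.items() if d <= now)
        for c in expired:
            del self.deadline[c]
            self.open.discard(c)           # timer expired: close the connection
        return expired


# Constructed sample events: (time in seconds, event, connection id).
EVENTS = [(0, "accept", "flooder"), (0, "accept", "phone"), (5, "promote", "phone"),
          (20, "accept", "idle")] + [(t, "message", "flooder") for t in range(10, 61, 10)]


def replay(timeout_s, events, end):
    guard, closed_at = UntrustedConnGuard(timeout_s), {}
    for now in range(end + 1):
        for conn in guard.tick(now):
            closed_at[conn] = now
        for t, kind, conn in events:
            if t != now:
                continue
            if kind == "accept":
                guard.on_accept(conn, now)
            elif kind == "promote":
                guard.on_promoted(conn)
            else:
                guard.on_message(conn)
    return closed_at, guard.open


if __name__ == "__main__":
    print(replay(30, EVENTS, 60))   # keepalive sender and idle socket are closed
    print(replay(0, EVENTS, 60))    # zero timeout: nothing is closed
```

With a 30-second timeout the connection that only sends periodic messages is closed on schedule, while the promoted endpoint stays connected; with a value of zero no timer runs and every socket remains open.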