Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Fraudulent REGISTER on SBCE Remoteworker flow 1

Status
Not open for further replies.
AvayaUC2021

AvayaUC2021

Technical User
Jan 27, 2021
13
0
0
FR
Hi team,

I have an Avaya SBCE (release 8.0.1) installed with an Avaya IPO (reelase 11.0.4).

I have a remote worker service running on SBCE.

Since yesterday, I received many fraudulent REGISTER and I don't know how to block that correctly.

I have already activaed DDoS options but that doesn't block the attacks.

SNAG-0006_27-01-2021_17.43.32_kimmzc.png


Thank you for help

Regards
 
Sort by date Sort by votes
They use the Avaya User Agent as default, I get these attacks on systems where you can't access the settings file.

It used to be the User Agent for the old Nortel phone but they've changed it again.

"Trying is the first step to failure..." - Homer
 
Upvote 0 Downvote
Although they could get this from the User Agent you send out.
It would probably make sense to make the SBC remove or alter it.

"Trying is the first step to failure..." - Homer
 
Upvote 0 Downvote
Hi team,

So I maked some configuration that's look fine to block attacks !

- I created one URI-Group (BLOCK) that block all domains.

- I created anotehr URI-Group (ALLOW) that allow only my domain

- I affected the ALLOW URI-Group to my subscriber/server flows

Now attacks are directlly blocked by SBCE with 403 message !

I'm working on user's passwords complexity, to enforce users to change their passwords with a password complexity choosed by the admininistrator of IPO.
Also, I'm working on an MDM solution to push my certificate on the user's phones.

I think with all that I'll be safe :)

Thank you
 
Upvote 0 Downvote
yes I want to add the mutual authentication to enforce security
 
Upvote 0 Downvote
Hi team,

Does someone use DDoS Call Walking feature on SBCE ?
How that's work ?

Thanks
 
Upvote 0 Downvote
Hi team,

it is possible that SBCE don't response to hackers with 403 Forbidden message ?

SNAG-0009_09-02-2021_16.12.32_gsm98a.png


Thank you
 
Upvote 0 Downvote
I Tried that but doesn't work, I still sending 403 Forbidden to hackers...

SNAG-0016_09-02-2021_17.41.06_witpmc.png
 
Upvote 0 Downvote
I think, because the SBCE generates the message, we can’t modify it. I tried a sigma script but same result.

Freelance Certified Avaya Aura Engineer

 
Upvote 0 Downvote
I like working on Avaya solutions Ameliorations.
I'll request a GIRP for that fonctionnality.

I requested a GIRP for SBCE license usage in real time with IPO and my request was released on SBCE 8.1.2 (license compliance) :)

have a nice day !
 
Upvote 0 Downvote
Can't you just change the security settings so if they fail to many times they get ignored?

Default settings is set pretty high before it triggers anything.

"Trying is the first step to failure..." - Homer
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

scudworth
  • Question
ASBCE Server Flow failover
Replies
2
Views
241
Alfalis
Alfalis
pontim
  • Locked
  • Question
Teams Direct Routing Avaya SBCE 2
Replies
10
Views
201
Ekster
Ekster
rtsoi
  • Locked
  • Question
Resetting Root PW on SBCE
Replies
0
Views
81
rtsoi
rtsoi
TonyAMIC
  • Locked
  • Question
SBCE, IPO certificates from GoDaddy
Replies
1
Views
93
biglebowski
biglebowski
abtt
  • Locked
  • Question
TRUNK SIP and SBCE
Replies
0
Views
58
abtt
abtt

Part and Inventory Search

Sponsor

Back
Top