Defining the SIP Party Registration Entities - Cisco 4700M Configuration Manual

Application control engine appliance security

Configuring a Layer 7 SIP Inspection Policy

Defining the SIP Party Registration Entities

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
Note: Use the unknown keyword to permit or deny unknown or unsupported SIP methods.
For example, to filter SIP traffic based on the INVITE request method, enter:
host1/Admin(config-cmap-sip-insp)# match request-method invite
To remove the match statement from the class map, enter:
host1/Admin(config-cmap-sip-insp)# no match request-method invite
SIP allows users to register other users on their behalf by sending REGISTER
messages with different values in the From and To header fields. This process may
pose a security threat if the REGISTER message is actually a DEREGISTER
message. A malicious user could cause a Denial of Service (DoS) attack by
deregistering all users on their behalf. To prevent this security threat, you can
specify a list of privileged users who can register or unregister someone else on
their behalf. The ACE maintains the list as a regex table. If you configure this
policy, the ACE drops REGISTER messages with mismatched From and To
headers and a From header value that does not match any of the privileged user
IDs.
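The drop decision described above, modeled in Python as an added example (not code from the Cisco guide and not how the ACE implements it). Assumptions: the privileged-user expressions are applied to the From address-of-record, a REGISTER with an unparseable From or To is dropped, and the function names, the example.com users and the sample messages are constructed.

```python
import re

COMPACT = {"f": "from", "t": "to"}            # RFC 3261 compact header names
AOR = re.compile(r"sips?:([^@;>\s]+)@([^;>:\s]+)", re.I)

def parse(raw):
    """Split a raw SIP message into (method, headers), unfolding folded lines."""
    lines = raw.replace("\r\n", "\n").split("\n\n", 1)[0].split("\n")
    method, headers = lines[0].split(" ", 1)[0].upper(), {}
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and headers:     # continuation of previous header
            headers[next(reversed(headers))] += " " + line.strip()
            continue
        name, _, value = line.partition(":")
        name = name.strip().lower()
        headers[COMPACT.get(name, name)] = value.strip()
    return method, headers

def aor(value):
    """Return user@host from a From/To value; the host part is case-insensitive."""
    m = AOR.search(value or "")
    return f"{m.group(1)}@{m.group(2).lower()}" if m else None

def verdict(raw, privileged):
    """Drop a REGISTER whose From and To differ unless From matches a privileged expression."""
    method, h = parse(raw)
    if method != "REGISTER":
        return "permit"
    src, dst = aor(h.get("from")), aor(h.get("to"))
    if src is None or dst is None:
        return "drop"            # assumption of this model: fail closed on unparseable headers
    if src == dst or any(re.search(p, src) for p in privileged):
        return "permit"
    return "drop"

def register(frm, to, expires=3600):
    """Build a constructed REGISTER; Expires: 0 makes it a deregistration."""
    return (f"REGISTER sip:example.com SIP/2.0\r\nFrom: <sip:{frm}>;tag=1\r\n"
            f"To: <sip:{to}>\r\nExpires: {expires}\r\n\r\n")

if __name__ == "__main__":
    PRIVILEGED = [r"^admin@example\.com$"]   # constructed privileged-user expression
    for frm, to, exp in [("alice@example.com", "alice@example.com", 3600),
                         ("mallory@example.com", "alice@example.com", 0),
                         ("admin@example.com", "alice@example.com", 0)]:
        print(frm, "->", to, "expires", exp, ":", verdict(register(frm, to, exp), PRIVILEGED))
```

The same function can be run over REGISTER messages taken from a capture to see which ones the policy would drop before the class map is applied.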
To filter SIP traffic based on third-party registrations or deregistrations, use the
match third-party-registration command in class map SIP inspection
configuration mode. The syntax of this command is as follows:
[line_number] match third-party-registration expression
The arguments and options are as follows:
line_number—(Optional) Argument that assists you in editing or deleting
individual match commands. Enter an integer from 2 to 1024 as the line
number. You can enter no line_number to delete long match commands
instead of entering the entire line. The line numbers do not dictate a priority
or sequence for the match statements.
Chapter 3
Configuring Application Protocol Inspection
OL-16202-01


This manual is also suitable for:

4700 series
