GTP anomaly prevention (sequence number checks)

Protocol anomaly attacks involve malformed or corrupt packets that typically fall outside of the protocol specifications. AA FW denies packets that fail the sanity check. Examples of conditions that GTP sanity checks detect are: invalid GTP header length, invalid Information Element (IE) length, invalid reserved fields, invalid sequence number, missing mandatory IEs, and out-of-state message type.

In addition to the GTP-C inspection and GTP-U protocol validation described in UE IP address anti-spoofing, GTP TEID validation, and GTP-C out-of-state message-type protection, AA FW performs sequence number validation, whereby AA FW ensures that there are no out-of-sequence GTP packets. By default, sequence number validation is disabled. To enable sequence number validation, use the following CLI command:

*A:Dut-C>config>app-assure>group>
+---gtpc-inspection
+---gtp-filter <gtp-filter-name> [create]
|   |   +---validate-sequence-number

GTP packets with incorrect sequence numbers are dropped when validate-sequence-number is enabled.
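
The following added example is not Nokia code and does not describe how AA FW implements these checks. It shows, for GTPv1 headers, what three of the sanity checks listed above (header length, reserved field, sequence number) look like in Python. The per-TEID "previous + 1" sequencing rule and the names `parse_gtpv1`, `SequenceValidator` and `build` are assumptions made for illustration.

```python
import struct

RESERVED_BIT = 0x08   # GTPv1 flags octet, bit 4: must be 0
S_FLAG = 0x02         # sequence number field present
OPT_MASK = 0x07       # E, S, PN: any set => 4 optional octets follow

def parse_gtpv1(pkt: bytes) -> dict:
    """Sanity-check a GTPv1 header; raise ValueError on an anomaly."""
    if len(pkt) < 8:
        raise ValueError("truncated header")
    flags, msg_type, length, teid = struct.unpack("!BBHI", pkt[:8])
    if flags >> 5 != 1:
        raise ValueError("not GTPv1")
    if flags & RESERVED_BIT:
        raise ValueError("reserved bit set")
    # The length field counts every octet after the mandatory 8-octet header.
    if length != len(pkt) - 8:
        raise ValueError("header length mismatch")
    seq = None
    if flags & OPT_MASK:
        if length < 4:
            raise ValueError("optional fields truncated")
        if flags & S_FLAG:
            seq = struct.unpack("!H", pkt[8:10])[0]
    return {"type": msg_type, "teid": teid, "seq": seq}

class SequenceValidator:
    """Assumed rule: per TEID, each sequence number is previous + 1 (mod 2^16)."""
    def __init__(self):
        self.expected = {}

    def check(self, pkt: bytes) -> str:
        try:
            hdr = parse_gtpv1(pkt)
        except ValueError as err:
            return f"drop: {err}"
        if hdr["seq"] is None:
            return "forward"          # no sequence number to validate
        want = self.expected.get(hdr["teid"])
        if want is not None and hdr["seq"] != want:
            return "drop: out-of-sequence"
        self.expected[hdr["teid"]] = (hdr["seq"] + 1) & 0xFFFF
        return "forward"

def build(teid, seq, payload=b"\x00" * 4, flags=0x32):
    """Constructed sample packet: GTPv1, PT=1, S=1, message type 0xFF (G-PDU)."""
    opt = struct.pack("!HBB", seq, 0, 0)
    return struct.pack("!BBHI", flags, 0xFF, len(opt) + len(payload), teid) + opt + payload
```

A dropped packet does not advance the expected sequence number, so the next in-order packet on the same TEID is still forwarded.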