Compromised GSNs can send storms of GTP traffic with invalid GTP Tunnel Endpoint Identifiers (TEIDs) to cause a DoS attack. By inspecting GTP-C messages, AA FW statefully correlates the upstream and downstream GTP flows (DstIP + TEID) of the same PDN session.
AA drops packets with TEIDs that have not been negotiated correctly.
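The DstIP + TEID correlation described above can be modelled as follows. This is an added illustration, not Nokia's implementation: the `TeidTable` class and its `learn`/`release` hooks are hypothetical stand-ins for what AA learns from GTP-C, and the addresses and TEIDs are constructed sample values.

```python
import ipaddress
import struct

G_PDU = 0xFF  # GTPv1-U message type that carries subscriber packets

def parse_gtpu(payload):
    """Return (message type, TEID) from a GTPv1-U header, or None if malformed."""
    if len(payload) < 8:
        return None
    flags, msg_type, length, teid = struct.unpack("!BBHI", payload[:8])
    if flags >> 5 != 1 or not flags & 0x10:   # version 1, protocol type GTP
        return None
    if length != len(payload) - 8:            # length counts bytes after the 8-byte header
        return None
    return msg_type, teid

class TeidTable:
    """Hypothetical state table: (destination IP, TEID) pairs seen in GTP-C."""
    def __init__(self):
        self._tunnels = set()

    def learn(self, dst_ip, teid):
        """Assumed hook: called when GTP-C negotiates a tunnel endpoint."""
        self._tunnels.add((ipaddress.ip_address(dst_ip), teid))

    def release(self, dst_ip, teid):
        """Assumed hook: called when GTP-C tears the tunnel down."""
        self._tunnels.discard((ipaddress.ip_address(dst_ip), teid))

    def check(self, dst_ip, payload):
        """Verdict for one GTP-U UDP payload addressed to dst_ip."""
        parsed = parse_gtpu(payload)
        if parsed is None:
            return "drop: malformed GTP-U header"
        msg_type, teid = parsed
        if msg_type != G_PDU:
            return "not checked: only G-PDUs are modelled"
        if (ipaddress.ip_address(dst_ip), teid) not in self._tunnels:
            return "drop: TEID not negotiated"
        return "forward"

def gpdu(teid, inner=b"\x45" + bytes(19)):
    """Build a constructed G-PDU (flags 0x30: version 1, no optional fields)."""
    return struct.pack("!BBHI", 0x30, G_PDU, len(inner), teid) + inner

def demo():
    table = TeidTable()
    table.learn("192.0.2.10", 0x1001)          # constructed sample tunnel
    return [table.check("192.0.2.10", gpdu(0x1001)),   # negotiated pair
            table.check("192.0.2.10", gpdu(0xBEEF)),   # unknown TEID
            table.check("192.0.2.20", gpdu(0x1001))]   # right TEID, wrong DstIP
```

Keying the table on the pair rather than on the TEID alone is what makes the third case fail: a TEID that is valid toward one endpoint is still rejected when sent to another.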
By default, TEID validation is disabled. The operator can enable AA to drop GTP traffic with invalid TEIDs using the following command sequence:
*A:Dut-C>config>app-assure>group>
+---gtp-filter <gtp-filter-name> [create]
| +---validate-gtp-tunnels