An attacker using an unauthorized GSN can launch a denial of service (DoS) attack with spoofed PDP Context Delete messages, or hijack existing sessions with a spoofed Update PDP Context Request. Such an attacker can also spoof a Create PDP Context Request to gain unlawful Internet access. Session hijacking can come from the SGW/SGSN or the PGW/GGSN. An unauthorized GSN can hijack GTP tunnels or cause a denial of service by intercepting another GSN and redirecting traffic to it.
Operators can use AA-FW to configure pools of trusted GSN IP addresses (using an AA IP-Prefix-list) to stop spoofed requests from untrusted GSNs.
AA IP-Prefix-lists can be configured to model GSN groups as follows:
*A:Dut-C>config>app-assure>group#
    ip-prefix-list ip-prefix-list-name [create]
        prefix ip-prefix/ip-prefix-length [name prefix-name]
The configured AA IP-Prefix-lists are then referenced in session-filters, so that only sessions that match the lists are "permitted".
*A:Dut-C>config>app-assure>group# session-filter
    default-action deny
    entry + Configure an entry in the session filter
        match
            src-ip // Configure IP addresses that correspond to authorized SGW/SGSN
        action
            permit
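The effect of this default-deny filter on spoofed GTP-C requests can be modelled offline. The following Python sketch is an added example, not Nokia code: the prefixes, source addresses and messages are constructed, the function names are hypothetical, and the GTPv1 header parsing is only used to label which request each verdict applies to.

```python
import ipaddress
import struct

# Constructed trusted-GSN pool (documentation ranges, not real operator prefixes).
TRUSTED_GSN_PREFIXES = [ipaddress.ip_network(p)
                        for p in ("192.0.2.0/28", "198.51.100.16/29")]

# GTPv1-C message types for the requests named in the text (3GPP TS 29.060).
GTPV1_MSG = {16: "Create PDP Context Request",
             18: "Update PDP Context Request",
             20: "Delete PDP Context Request"}

def build_gtpv1(msg_type, teid, body=b""):
    """Build a constructed GTPv1-C message: version 1, PT=1, no optional fields."""
    return struct.pack("!BBHI", 0x30, msg_type, len(body), teid) + body

def message_name(payload):
    """Label a GTPv1-C payload for logging; 'not GTPv1-C' if the header is invalid."""
    if len(payload) < 8:
        return "not GTPv1-C"
    flags, msg_type, length, _teid = struct.unpack("!BBHI", payload[:8])
    if flags >> 5 != 1 or not (flags >> 4) & 1 or length != len(payload) - 8:
        return "not GTPv1-C"
    return GTPV1_MSG.get(msg_type, f"message type {msg_type}")

def session_filter(src_ip):
    """src-ip match against the prefix list; anything else hits default-action deny."""
    src = ipaddress.ip_address(src_ip)
    return "permit" if any(src in net for net in TRUSTED_GSN_PREFIXES) else "deny"

def evaluate(src_ip, payload):
    """Return (verdict, message label) for one received GTP-C datagram."""
    return session_filter(src_ip), message_name(payload)

if __name__ == "__main__":
    samples = [  # constructed (source IP, GTP-C payload) pairs
        ("192.0.2.5", build_gtpv1(20, 0x1A2B3C4D)),
        ("198.51.100.20", build_gtpv1(16, 0)),
        ("203.0.113.77", build_gtpv1(20, 0x1A2B3C4D)),
        ("203.0.113.77", build_gtpv1(18, 0x1A2B3C4D)),
    ]
    for src, pkt in samples:
        verdict, name = evaluate(src, pkt)
        print(f"{verdict:6} src={src:15} {name}")
```

The verdict depends only on the source address, so a Delete or Update request from a GSN outside the configured pool is denied regardless of the tunnel it names.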