Unauthorized network access

An attacker using an unauthorized GSN can cause a denial of service attack using spoofed PDP Context Delete messages (DoS attack) or using a spoofed Update PDP Context Request to hijack existing sessions. Such attacks can also spoof a Create PDP Context Request to gain unlawful Internet access. Session hijacking can come from the SGW/SGSN or the PGW/GGSN. An unauthorized GSN can hijack GTP tunnels or cause a denial of service by intercepting another GSN and redirecting traffic to it.

Operators can use AA-FW to configure pools of trusted GSN IP addresses (using an AA IP-Prefix-list) to stop spoofed requests from untrusted GSNs.

AA IP-Prefix-lists can be configured to model GSN groups as follows:

*A:Dut-C>config>app-assure>group# 
   ip-prefix-list ip-prefix-list-name [create]
            prefix ip-prefix/ip-prefix-length [name prefix-name]

The configured AA IP-Prefix-lists are then referenced in session-filters, such that only sessions that match the lists are ‟permitted”.

*A:Dut-C>config>app-assure>group# session-filter
      default-action  deny
      entry           + Configure an entry in the session filter
        match
     src-ip    // Configure IP addresses that correspond to authorized SGW/SSGN 
 action
     permit