Voice-over-IP Contexts
These attack objects and groups are designed to detect known attack patterns and protocol anomalies within the network traffic. You can configure attack objects and groups for voice-over-IP protocol as match conditions in IDP policy rules.
Service Contexts: H225
The table displays the security context details for H225:
Context and Direction |
Description Example of Contexts |
|||
|---|---|---|---|---|
h225ras-admission (ANY) |
Matches H225RAS admission messages (AdmissionConfirm, AdmissionReject, AdmisssonRequest).  |
|||
h225ras-bandwidth (ANY) |
Matches H225RAS bandwidth messages (BandwidthConfirm, BandwidthReject, BandwidthRequest). |
|||
h225ras-command-state (ANY) |
Matches the state of the H225RSA connection. |
|||
h225ras-disengage (ANY) |
Matches H225RAS disengage messages (DisengageConfirm, DisengageReject, DisengageRequest). |
|||
h225ras-gatekeeper (ANY) |
Matches H225RAS gatekeeper messages (GatekeeperConfirm, GatekeeperReject, GatekeeperRequest). |
|||
h225ras-info (ANY) |
Matches H225RAS informational messages (InfoRequestAck, InfoRequestResponse, InfoRequest). |
|||
h225ras-location (ANY) |
Matches H225RAS location messages (LocationConfirm, LocationReject, LocationRequest). |
|||
h225ras-message (ANY) |
Matches the broad H225RAS message context.  |
|||
h225ras- nonstandard (ANY) |
Matches the H225RAS nonstandard message context. |
|||
h225ras- registration (ANY) |
Matches the H225RAS registration message. |
|||
h225ras- resource (ANY) |
Matches H225RAS resources available messages (Resources Available Confirm, Resources Available Indicate). |
|||
h225ras-rip (STC) |
Matches the H225RAS request- in-progress message. |
|||
h225ras- servicecontrol (CTS) |
Matches the H225RAS service control message. |
|||
h225ras- unknown–message (ANY) |
Match the H225RAS Unknown message type. |
|||
h225ras-unregistration (ANY) |
Matches the H225RAS unregistration message.  |
|||
h225ras- unspecified-message (ANY) |
Matches the H225RAS unspecified message. |
|||
h225ras-version (ANY) |
Matches the H225RAS version message. |
|||
h225sgn-message (ANY) |
Matches the H225SGN message body started with the message-type byte. |
|||
h225sgn-preamble (ANY) |
Matches the H225SGN signaling protocol discriminator and call reference value. |
|||
Service Contexts: MGCP
The table displays the security context details for MGCP:
Context and Direction |
Description |
Display Name |
|---|---|---|
mgcp-call-id (ANY) |
Matches the MGCP call ID parameter value. |
MGCP Call ID |
mgcp-command (ANY) |
Matches the MGCP command line. |
MGCP Command |
mgcp-ep-name (ANY) |
Matches the MGCP endpoint name specified in command line or command parameters. |
MGCP Endpoint name |
mgcp-parm (ANY) |
Matches the MGCP command parameter value. |
MGCP Command Parameter |
mgcp-rsp (ANY) |
Matches the entire MGCP response line with the return code. |
MGCP Reply Line |
mgcp-rsp-000-line (ANY) |
Matches the MGCP 0yz response acknowledgment. |
MGCP 000 Reply Line |
mgcp-rsp-100-line (ANY) |
Matches the MGCP 1yz provisional response. |
MGCP 100 Reply Line |
mgcp-rsp-200-line (ANY) |
Matches the MGCP 2yz successful completion response. |
MGCP 200 Reply Line |
mgcp-rsp-400-line (ANY) |
Matches the MGCP 4yz permanent error response |
MGCP 400 Reply Line |
mgcp-rsp-500-line (ANY) |
Matches the MGCP 5yz permanent error response. |
MGCP 500 Reply Line |
mgcp-rsp-800-line (ANY) |
Matches the MGCP 8yz package-specific response codes. |
MGCP 800 Reply Line |
mgcp-rsp-bad-rcode (ANY) |
Matches any MGCP invalid response code. |
MGCP Invalid Response Code |
mgcp-sdp-line (ANY) |
Matches MGCP/SDP contents data line. |
MGCP SDP Line |
mgcp-trans-id (ANY) |
Matches the MGCP transaction ID parameter value. |
MGCP Transaction ID |
Service Contexts: SIP
The table displays the security context details for SIP:
Context and Direction |
Description Example of Contexts |
|||
|---|---|---|---|---|
sip-bad-header (ANY) |
Matches SIP hearders with bad syntax. |
|||
sip-command-state (ANY) |
Matches the state of the SIP connection. |
|||
sip-content-any (ANY) |
Matches SIP contents portion of packet data. |
|||
sip-content-sdp (ANY) |
Matches SIP/SDP content data.  |
|||
sip-display-name (ANY) |
Matches the display name of URL in related headers.  |
|||
sip-header-any (ANY) |
Matches SIP headers with no designated context. |
|||
sip-header-callid (ANY) |
Matches the SIP <Call-ID> header.  |
|||
sip-header-from (ANY) |
Matches the SIP <From> header. |
|||
sip-header-maxforwards (CTS) |
Matches the SIP <Max-Forwards> header. |
|||
sip-header-to (ANY) |
Matches SIP <To> header.  |
|||
sip-header-value-len (ANY) |
Artificially created context for putting thresholds on a header value. |
|||
sip-headr-via (ANY) |
Matches the SIP <Via> header. |
|||
sip-parameter (ANY) |
Matches parsed parameters in the headers. |
|||
sip-parameter-bad (ANY) |
Matches parsed invalid parameters in the headers.  |
|||
sip-reply (STC) |
Matches any SIP reply line with the return code. |
|||
sip-reply-100-line (STC) |
Matches the SIP 1yz Positive Preliminary reply. |
|||
sip-reply-200-line (STC) |
Matches the SIP 2yz Positive Compleation reply. |
|||
sip-reply-300-line (STC) |
Matches the SIP 3yz Postive Intermediate reply. |
|||
sip-reply-400-line (STC) |
Matches the SIP 4yz Transient Negative Completion reply. |
|||
sip-reply-500-line (STC) |
Matches the SIP 5yz Permanent Negative Completion reply. |
|||
sip-reply-600-line (STC) |
Matches the SIP 6yz Failure Completion reply. |
|||
sip-reply-bad-rcode (STC) |
Matches any SIP invalid response code. |
|||
sip-request (CTS) |
Matches the SIP request command line.  |
|||
sip-request-unknown (CTS) |
Matches the SIP request with unknown command. |
|||
sip-sdp-line (ANY) |
Matches the SIP/SDP contents data line.  |
|||
sip-unknown-data (ANY) |
Matches SIP unknown data. |
|||
sip-unknown-header (ANY) |
Matches a SIP unknown header. |
|||
sip-uri-host (ANY) |
Matches the host-name/IP-address of URI in related headers.  |
|||
sip-uri-parameter (ANY) |
Matches the parameter of URI in related headers. |
|||