DO NOT SHARE THESE DOCS WITH CUSTOMERS!
This is an LA release that will only be provided to a select number of PLM-sanctioned customers (PDFs only). Contact PLM for details.
The SBC Core provides Denial of Service (DOS) protection when under attack to both existing calls and subscribers, as well as new valid calls and subscribers. The (non-exhaustive) list of attack types which are mitigated include:
For the SBC 7000, these attacks can be up to the entire 10G line rate possible on the network interfaces. As long as the upstream networking infrastructure elements deliver all valid packets (i.e. that service is not impaired by upstream networking elements), the SBC 7000 will accomplish the following for all attack types:
Note that for non-secured streams, the protection guarantees applies to calls and signaling peers whose source IP addressing is not being spoofed by the attacker. If the attacker is spoofing addresses, then non-secured media or signaling from the address will be affected (since the SBC cannot distinguish good traffic from bad traffic in this case), but all other calls and signaling are protected.
For secured media streams (sRTP) and secured signaling (TLS or IPsec), the attacker cannot affect these streams since the SBC will ensure that only properly authenticated packets are accepted.