Configuring H.323 Denial of Service (DoS) Attack Protection

You can protect the H.323 gatekeeper from flood attacks by limiting the number of remote access service (RAS) messages per second it will attempt to process.

Incoming RAS request messages exceeding the threshold you specify are dropped by H.323 ALG. The range is 1 to 50000 messages per second, the default value is 1000.

To configure the H.323 DoS attack protection feature, use either J-Web or the CLI configuration editor.

This topic covers:

• J-Web Configuration
• CLI Configuration
• Related Topics

J-Web Configuration

To limit the number of incoming RAS request messages to the H.323 gatekeeper to 5,000 messages per second using the J-Web configuration editor:

1. Select Configuration > View and Edit > Edit Configuration.

   The Configuration page appears.

2. Next to Security, click Configure or Edit.
3. Next to ALG, click Configure or Edit.
4. Next to H323, click Configure or Edit.
5. Next to Application Screen, click Configure or Edit.
6. Next to Message flood, click Configure or Edit.
7. To specify the gatekeeper threshold, in the Threshold box, type 5000 and click OK.
8. If you are finished configuring the J-series device, commit the configuration.
9. To check the configuration, see Verifying the H.323 Configuration.

CLI Configuration

In this example, you limit the number of incoming RAS request messages to the H.323 gatekeeper to 5,000 messages per second.

If you are finished configuring the J-series device, commit the configuration.

To check the configuration, see Verifying the H.323 Configuration.

Related Topics

• Setting H.323 Endpoint Registration Timeout
• Setting H.323 Media Source Port Range
• Allowing Unknown H.323 Message Types
• Verifying the H.323 Configuration