Configuring MGCP Denial of Service (DoS) Attack Protection

You can protect the MGCP media gateway from flood attacks by limiting the number of remote access service (RAS) messages and connections per second it will attempt to process.

When you configure MGCP message flood protection, the MGCP ALG drops any messages exceeding the threshold you set. The range is 2 to 50,000 messages per second per media gateway, the default is 1,000 messages per second per media gateway.

When you configure MGCP connection flood protection, the MGCP ALG drops any connection request exceeding the threshold you set. This limits the rate of processing of CreatConnection (CRCX) commands, thereby indirectly limiting pinhole creation. The range is 2 to 10,000 connection requests per second per media gateway, the default is 200.

Use either the J-Web or CLI configuration editor.

This topic covers:

• J-Web Configuration
• CLI Configuration
• Related Topics

J-Web Configuration

1. Select Configuration > View and Edit > Edit Configuration > Security > ALG > MGCP.
2. Click Application Screen.
3. Under Connection flood, enter a value in the Threshold box.
4. Under Message flood, enter a value in the Threshold box.
5. Click one of the following buttons:
   • To apply the configuration and return to the main Configuration page, click OK.
   • To apply the configuration, click Commit.
   • To cancel your entries and return to the main page, click Cancel.

CLI Configuration

In this example, you configure the device to drop any message requests exceeding 10,000 requests per second and to drop any connection requests exceeding 4,000 per second.

Related Topics

• Understanding the MGCP ALG
• Understanding MGCP ALG Call Duration and Timeouts
• Setting MGCP Call Duration
• Setting MGCP Inactive Media Timeout
• Setting the MGCP Transaction Timeout
• Allowing Unknown MGCP Message Types