[cisco-voip] Call Manager Denial of Service and Gateway Call Spike

Casper, Steven SCASPER at mtb.com
Fri Oct 14 12:56:12 EDT 2011


We recently had an incident where a power dialer inadvertently was programmed to dial thousands of our numbers. The rate of dialing was such that two of our subscribers went into a code yellow condition so in effect created a Denial of Service condition. Both of these servers (7845H2) have a lot of MGCP and H323 PRIs associated with them. I am looking for ways to prevent this in the future. I see there is a call spike command available on gateways but I am not sure what thresholds would be used. Any ideas.....What would be a good threshold to set to prevent a denial of service condition but still support  normal heavy inbound calling?

call spike
To configure the limit on the number of incoming calls received in a short period of time (a call spike), use the call spike command in global or dial peer voice configuration mode. To disable this command, use the no form of this command.
call spike call-number [steps number-of-steps size milliseconds]
no call spike
Dial Peer Voice Configuration Mode
call spike threshold [steps number-of-steps size milliseconds]
Syntax Description
call-number

Incoming call count for the spiking threshold. Range is 1 to 2147483647.

steps number-of-steps

(Optional) Specifies the number of steps for the spiking sliding window. Range is from 3 to 10. The default is 5.steps for the spiking sliding window.

size milliseconds

(Optional) Specifies step size in milliseconds. Range is from 100 to 250. The default is 200.

threshold

Threshold for the incoming call count for spiking. Range is 1 to 2147483647.


Usage Guidelines
A call spike occurs when a large number of incoming calls arrive from the Public Switched Telephone Network (PSTN) in a short period of time (for example, 100 incoming calls in 10 milliseconds). Setting this command allows you to control the number of call requests that can be received in a configured time period. The sliding window buffers the number of calls that get through. The counter resets according to the specified step size.
The period of the sliding window is calculated by multiplying the number of steps by the size. If an incoming call exceeds the configured call number during the period of the sliding window the call is rejected.
If the call spike is configured at both the global and dial-peer levels, the dial-peer level takes precedence and the call spike is calculated. If the call spike threshold is exceeded the call gets rejected, and the call spike calculation is done at the global level.



************************************
This email may contain privileged and/or confidential information that is intended solely for the use of the addressee.  If you are not the intended recipient or entity, you are strictly prohibited from disclosing, copying, distributing or using any of the information contained in the transmission.  If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy.  This communication may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act.  You may not directly or indirectly reuse or disclose such information for any purpose other than to provide the services for which you are receiving the information.
There are risks associated with the use of electronic transmission.  The sender of this information does not control the method of transmittal or service providers and assumes no duty or obligation for the security, receipt, or third party interception of this transmission.
************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20111014/42a69074/attachment.html>


More information about the cisco-voip mailing list