Additional SIP Preprocessor Rules
The SIP preprocessor rules in the following table are not associated with specific configuration options. As with other SIP preprocessor rules, you must enable these rules if you want them to generate events and, in an inline deployment, drop offending packets.
Preprocessor Rule GID:SID |
Triggers when... |
---|---|
140:1 |
the preprocessor is monitoring the maximum number of SIP sessions allowed by the system. |
140:2 |
the required Request_URI field is empty in a SIP request. |
140:4 |
the Call-ID header field is empty in a SIP request or response. |
140:6 |
the value for the sequence number in the SIP request or response CSeq field is not a 32-bit unsigned integer less than 231. |
140:8 |
the From header field is empty in a SIP request or response. |
140:10 |
the To header field is empty in a SIP request or response. |
140:12 |
the Via header field is empty in a SIP request or response |
140:14 |
the required Contact header field is empty in a SIP request or response. |
140:17 |
a single SIP request or response packet in UDP traffic contains multiple messages. Note that older SIP versions supported multiple messages, but SIP 2.0 supports only one message per packet. |
140:18 |
the actual length of the message body in a SIP request or response in UDP traffic does not match the value specified in the Content-Length header field in a SIP request or response. |
140:19 |
the preprocessor does not recognize a method name in the CSeq field of a SIP response. |
140:20 |
the SIP server does not challenge an authenticated invite message. Note that this occurs in the case of the InviteReplay billing attack. |
140:21 |
session information changes before the call is set up. Note that this occurs in the case of the FakeBusy billing attack. |
140:22 |
the response status code is not a three-digit number. |
140:23 |
the Content-Type header field does not specify a content type and the message body contains data. |
140:24 |
the SIP version is not 1, 1.1, or 2.0. |
140:25 |
the method specified in the CSeq header and the method field do not match in a SIP request. |
140:26 |
the preprocessor does not recognize the method named in the SIP request method field. |