Carrier web-based manager settings

The convenience offered by MM1 and MM4 messaging can be abused by users sending spam or attempting to overload the network with an excess of messages. MMS flood prevention can help prevent this type of abuse. A message flood occurs when a single subscriber sends a volume of messages that exceeds the flood threshold that you set. The threshold defines the maximum number of messages allowed, the period during which the subscriber's sent messages are considered, and the length of time the sender is restricted from sending messages after a flood is detected. For example, for the first threshold you may determine that any subscriber who sends more than 100 MM1 messages in an hour (60 minutes) will have all outgoing messages blocked for 30 minutes.

 

Action                        Description

Log                           Add a log entry indicating that a message flood has occurred. You must also enable logging for MMS Scanning > Bulk Messages in the Logging section of the MMS protection profile.

DLP Archive                   Save the first message to exceed the flood threshold, or all the messages that exceed the flood threshold, in the DLP archive. DLP archiving flood messages may not always produce useful results. Since different messages can be causing the flood, reviewing the archived messages may not be a good indication of what is causing the problem since the messages could be completely random.

All messages                  All the messages that exceed the flood threshold will be saved in the DLP archive.

First message only            Save only the first message to exceed the flood threshold in the DLP archive. Other messages in the flood are not saved. For message floods this may not produce much useful information since a legitimate message could trigger the flood threshold.

Intercept                     Messages that exceed the flood threshold are passed to the recipients, but if quarantine is enabled for intercepted messages, a copy of each message will also be quarantined for later examination. If the quarantine of intercepted messages is disabled, the Intercept action has no effect.

Block                         Messages that exceed the flood threshold are blocked and will not be delivered to the message recipients. If quarantine is enabled for blocked messages, a copy of each message will be quarantined for later examination.

Alert Notification            If the flood threshold is exceeded, the Carrier-enabled FortiGate unit will send an MMS flood notification message. In the web-based manager, when Alert Notification is selected, it displays the fields to configure the notification.

Flood protection for MM1 messages prevents your subscribers from sending too many messages to your MMSC. Configuring flood protection for MM4 messages prevents another service provider from sending too many messages from the same subscriber to your MMSC.

 

Message flood configuration settings

The following are message flood configuration settings in Security Profiles > Carrier > Message Flood.

 

Message Flood                 Lists the large amount of messages that are being sent to you from outside sources.

Delete                        Removes messages from the list. To remove multiple messages from within the list, on the Message Flood page, in each row of the messages you want removed, select the check box and then select Delete. To remove all messages from the list, on the Message Flood page, select the check box in the check box column and then select Delete.

Remove All Entries            Removes all messages from the list.

Protocol                                      The protocol used.

MMS Profile                               The MMS profile that is used.

Sender                                        The sender’s email address.

Level                                           The level of severity of the message.

Count                                          The count column can be up or down and these settings can be turned off by selecting beside the column’s name.

Window Size (minutes)            The time in minutes.

Timer (minutes:seconds)         The time in seconds and in minutes. The timer column can be up or down and these settings can be turned off by selecting beside the column’s name.

Page Controls                           Use to navigate through the list.

Duplicate Message

 

Duplicate message protection for MM1 messages prevents multiple subscribers from sending duplicate messages to your MMSC. Duplicate message protection for MM4 messages prevents another service provider from sending duplicate messages from the same subscriber to your MMSC.

The unit keeps track of the sent messages. If the same message appears more often than the threshold value that you have configured, action is taken. Possible actions are logging the duplicate messages, blocking or intercepting them, archiving, and sending an alert to inform an administrator that duplicate messages are occurring.
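The flood threshold and the duplicate threshold described above follow the same counting logic, keyed on the sender for floods and on the message checksum for duplicates. The following is an added example that models that logic; it is not FortiOS code. The names `Threshold`, `Entry` and `BulkTracker`, the fixed (non-sliding) window, and the use of SHA-256 as the checksum are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Threshold:
    limit: int         # maximum messages allowed per window
    window_min: float  # Window Size (minutes)
    block_min: float   # how long the key stays flagged after detection
@dataclass
class Entry:
    window_start: float
    count: int = 0
    flagged_until: float = 0.0

class BulkTracker:
    """Per-key counter: key is the sender (flood) or a checksum (duplicate)."""
    def __init__(self, threshold):
        self.t, self.entries = threshold, {}

    def observe(self, key, now):
        """Record one message at time `now` (minutes); return 'pass' or 'flagged'."""
        e = self.entries.get(key)
        if e and now < e.flagged_until:
            return "flagged"                       # restriction still running
        expired = e is None or e.flagged_until or now - e.window_start >= self.t.window_min
        if expired:
            e = self.entries[key] = Entry(window_start=now)  # start a fresh window
        e.count += 1
        if e.count > self.t.limit:                 # threshold exceeded
            e.flagged_until = now + self.t.block_min
            return "flagged"
        return "pass"

    def timer(self, key, now):  # time left in window, or time until unflagged
        e = self.entries[key]
        if now < e.flagged_until:
            return e.flagged_until - now
        return max(0.0, e.window_start + self.t.window_min - now)

def flood_example():
    flood = BulkTracker(Threshold(limit=100, window_min=60, block_min=30))  # page's example
    sender = "subscriber-a@example.invalid"        # constructed sender
    burst = [flood.observe(sender, i * 0.5) for i in range(101)]  # t = 0 .. 50 min
    return burst, flood.observe(sender, 70), flood.timer(sender, 70), flood.observe(sender, 80)

def duplicate_example():
    dupes = BulkTracker(Threshold(limit=3, window_min=10, block_min=5))  # constructed values
    key = hashlib.sha256(b"constructed MMS body").hexdigest()  # checksum type is assumed
    return [dupes.observe(key, minute) for minute in range(4)]  # same body, four senders
```

In the flood case the 101st message is the first to be flagged, and the sender stays flagged until minute 80; in the duplicate case the fourth copy of the same body is flagged regardless of who sent it.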

 

Duplicate message configuration settings

View duplicate messages in Security Profiles > Carrier > Duplicate Message.

 

Duplicate Message             Lists duplicates of messages that were sent to you.

Delete                        Removes a message from the list. To remove multiple duplicate messages from within the list, on the Message Flood page, in each row of the messages you want removed, select the check box and then select Delete. To remove all duplicate messages from the list, on the Message Flood page, select the check box in the check box column and then select Delete.

Page Controls                 Use to navigate through the list.

Remove All Entries            Removes all duplicate messages from the list.

Protocol                      Either MM1 or MM4

Profile                       The MMS profile that logs the detection.

Checksum                      The checksum of the MMS message.

Status                        Either flagged or blank. Flagged means that the actions defined in the MMS profile are taken. For more information, see “MMS bulk email filtering options”.

Count                         Displays the number of messages in the last window of time.

Window Size (minutes)         The period of time during which a message flood will be detected if the Message Flood Limit is exceeded.

Timer (minutes:seconds)       Either the time left in the window if the message is unflagged, or the time until the message will be unflagged if it is already flagged.

Carrier Endpoint Filter Lists

A carrier endpoint filter list contains carrier endpoint patterns. A pattern can match one carrier endpoint or can use wildcards or regular expressions to match multiple carrier endpoints. For each pattern, you select the action that the unit takes on a message when the pattern matches a carrier endpoint in the message. Actions include blocking the message, exempting the message from MMS scanning, and exempting the message from all scanning. You can also configure the pattern to intercept the message and content archive the message to a FortiAnalyzer unit.

This entry was posted in FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
