[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issue: Counters for Session Contexts not found in RFC3576 MIBS
On Wed, 28 Sep 2005, Murtaza Chiba (mchiba) wrote:
> Glen Z., has suggested the addition of counters in the event where the Session Context is not found for the
> RFC3576 MIBS. This requires the addition of 4 objects, one each for DM
> and CoA messages for both the client and server MIBs. There is a good
> need for this as NAKs could be sent for Diameter RAR capabilities, in
> which case the NAK is not an error condition.
I think this makes sense.
> Other Error Cause codes will not have corresponding counters. There is a security concern that
> the counter may provide information valuable for attacks. The authors
> would like to get the general feel for this.
Presumably access is only being provided to the SNMP manager, correct? I
would focus on whether the information is useful rather than whether it is
There is probably some value in tracking error messages by DAC and DAS, so
as to see if there is a problem with a client or server. For example, if
an error 501 is being returned by a DAC (Administratively Prohibited),
this could represent a security problem that needs to be addressed (e.g.
someone is trying to send unauthorized Disconnect-Requests).
I'm note sure whether the way to do this is via counters or potentially an
error message table.
> Alternative, is to maintain a counter for requests that are for Diameter RAR capabilities.
I do think it may make sense to count "Authorization Only" CoA and
Disconnect-Requests. In terms of the
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.