With the Denial of Service (DoS) security feature of the EMS, you can view and edit DoS and Distributed Denial-of-Service (DDoS) attack response control parameters. These parameters can then be applied either to individual SIP endpoints or their parent domain. Also, the Avaya SBC supports DoS activity reporting for certain time periods. The server DoS feature and the Domain DoS features are further classified based on traffic types, such as Remote Worker, Trunk and Remote Worker, and Trunk. The following rules describe the input methods:

• For Remote Worker, the input is taken from Number of remote workers and Max Concurrent Sessions.

• For Trunk, the input is taken from Max Concurrent Sessions.

• For Remote Worker and Trunk, the input is taken from Number of remote workers and Max Concurrent Sessions.

Rules for setting threshold values for different types of traffic:

• Server DoS is applicable for initiated thresholds. Initiated threshold is applicable for any SIP request routed to the server irrespective of whether any response is received.

• In calculation of all threshold values, 10% of actual value is considered.

• Server DoS can also be applicable for remote worker traffic in case of pending threshold value. Pending threshold means SIP Request for which no corresponding response has come from the server.

• Server DoS feature is also applicable in case of failed threshold value. Failed threshold implies that failure request has come for a SIP request other than 401 and 407.

List of recommended threshold values:

• Recommended threshold value for Single Source DoS feature for remote worker deployment is 300 messages.

• Recommended threshold value for trunk is 15 messages.

• The default threshold value for Avaya remote worker in case of phone DoS is 200 messages.

• The recommended threshold value for Call Walking in case of remote worker deployment: INVITE – 10 messages, Registration – 5 messages, and All – 20 messages.