CPC H04L 63/0263 (2013.01) [H04L 61/5007 (2022.05); H04L 63/10 (2013.01); H04L 63/1458 (2013.01); H04L 63/1466 (2013.01); H04L 63/20 (2013.01); H04W 12/122 (2021.01); H04W 24/08 (2013.01); H04L 2463/141 (2013.01); H04W 80/02 (2013.01); H04W 84/04 (2013.01)]; 19 Claims
1. A system, comprising:
a processor configured to:
monitor network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, wherein the mobile network includes a 4G network or a 5G network, wherein the security platform is configured to perform detection and prevention of Denial of Service (DoS) attacks for securing control and user plane separation in the mobile network;
extract a plurality of parameters from the PFCP message at the security platform, wherein the plurality of parameters include an IPv4 address and/or an IPv6 address, together with a Tunnel Endpoint Identifier (TEID) range;
enforce a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network, comprising to:
determine whether the TEID range, and the IPv4 address and/or IPv6 address of the plurality of parameters match a TEID range together with an IPv4 address and/or an IPv6 address of a tunnel to be set up; and
in response to a determination that the TEID range, and the IPv4 address and/or IPv6 address of the plurality of parameters match the TEID range together with the IPv4 address and/or the IPv6 address of the tunnel to be set up, allow the tunnel to be set up; and
parse the PFCP message to extract a source IP address, Session Endpoint Identifier (SEID) 1, a destination IP address, SEID 2, and a protocol in use related to a PFCP association; and
a memory coupled to the processor and configured to provide the processor with instructions.
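The following is an added worked example, not code from the patent or its assignee, showing the claim's steps on a constructed PFCP Session Establishment Request: parse the PFCP header and IEs, pull the CP F-SEID (SEID 1 plus IP), pull the F-TEID (TEID plus IP) out of Create PDR / PDI, record the transport tuple, and allow or deny the tunnel by checking the TEID against the range the platform expects for that endpoint IP. Wire layouts and IE type numbers follow 3GPP TS 29.244 (Node ID = 60, F-SEID = 57, Create PDR = 1, PDI = 2, F-TEID = 21, message type 50); the `policy` table shape, the function names, and the sample addresses and identifiers are assumptions made for this example.

```python
"""Added example: parse a PFCP Session Establishment Request and enforce a
TEID-range / endpoint-IP policy before a GTP-U tunnel is allowed.
Constructed sample traffic; not production code."""
import ipaddress
import struct

PFCP_SESSION_ESTABLISHMENT_REQUEST = 50
IE_CREATE_PDR, IE_PDI, IE_F_TEID, IE_F_SEID, IE_NODE_ID = 1, 2, 21, 57, 60
GROUPED_IES = {IE_CREATE_PDR, IE_PDI}   # grouped IEs carry further IEs as their value


def ie(ie_type, value):
    """Encode one IE: type(2) | length(2) | value."""
    return struct.pack("!HH", ie_type, len(value)) + value


def build_request(cp_ip, cp_seid, up_ip, teid, seq=1):
    """Constructed sample request: Node ID, CP F-SEID, Create PDR(PDI(F-TEID))."""
    node_id = ie(IE_NODE_ID, b"\x00" + ipaddress.IPv4Address(cp_ip).packed)  # type 0 = IPv4
    # F-SEID flags: bit1 = V6, bit2 = V4, so 0x02 says an IPv4 address follows the SEID.
    f_seid = ie(IE_F_SEID, b"\x02" + struct.pack("!Q", cp_seid) + ipaddress.IPv4Address(cp_ip).packed)
    # F-TEID flags: bit1 = V4, bit2 = V6, bit3 = CH, so 0x01 says an IPv4 address follows the TEID.
    f_teid = ie(IE_F_TEID, b"\x01" + struct.pack("!I", teid) + ipaddress.IPv4Address(up_ip).packed)
    body = node_id + f_seid + ie(IE_CREATE_PDR, ie(IE_PDI, f_teid))
    # Header: 0x21 = version 1 with S flag; header SEID is 0 because no session exists yet;
    # length counts everything after the first 4 bytes; 3-byte sequence number + 1 spare byte.
    payload = struct.pack("!Q", 0) + seq.to_bytes(3, "big") + b"\x00" + body
    return struct.pack("!BBH", 0x21, PFCP_SESSION_ESTABLISHMENT_REQUEST, len(payload)) + payload


def parse_ies(data):
    """Walk a TLV run, recursing into grouped IEs; reject truncated IEs."""
    out, off = [], 0
    while off + 4 <= len(data):
        t, length = struct.unpack_from("!HH", data, off)
        val = data[off + 4: off + 4 + length]
        if len(val) != length:
            raise ValueError("truncated IE %d" % t)
        out.append((t, parse_ies(val) if t in GROUPED_IES else val))
        off += 4 + length
    return out


def parse_message(pkt):
    flags, mtype, length = struct.unpack_from("!BBH", pkt, 0)
    if flags >> 5 != 1:
        raise ValueError("unsupported PFCP version")
    if len(pkt) != length + 4:
        raise ValueError("length field does not match packet")
    off, header_seid = 4, None
    if flags & 0x01:                       # S flag: 8-byte SEID present
        header_seid = struct.unpack_from("!Q", pkt, off)[0]
        off += 8
    seq = int.from_bytes(pkt[off:off + 3], "big")
    off += 4                               # 3 bytes sequence + 1 spare
    return {"type": mtype, "header_seid": header_seid, "seq": seq, "ies": parse_ies(pkt[off:])}


def decode_f_seid(val):
    flags, seid, off, ips = val[0], struct.unpack_from("!Q", val, 1)[0], 9, []
    if flags & 0x02:                       # V4
        ips.append(str(ipaddress.IPv4Address(val[off:off + 4]))); off += 4
    if flags & 0x01:                       # V6
        ips.append(str(ipaddress.IPv6Address(val[off:off + 16])))
    return seid, ips


def decode_f_teid(val):
    flags = val[0]
    if flags & 0x04:                       # CH: UPF chooses the TEID, nothing to check yet
        return None, []
    teid, off, ips = struct.unpack_from("!I", val, 1)[0], 5, []
    if flags & 0x01:                       # V4
        ips.append(str(ipaddress.IPv4Address(val[off:off + 4]))); off += 4
    if flags & 0x02:                       # V6
        ips.append(str(ipaddress.IPv6Address(val[off:off + 16])))
    return teid, ips


def find_ies(ies, ie_type):
    for t, v in ies:
        if t == ie_type:
            yield v
        elif isinstance(v, list):
            yield from find_ies(v, ie_type)


def extract_session_parameters(pkt, src_ip, dst_ip):
    """Claim steps: new-session PFCP message -> IPs, TEIDs, SEID 1, transport tuple."""
    msg = parse_message(pkt)
    if msg["type"] != PFCP_SESSION_ESTABLISHMENT_REQUEST:
        raise ValueError("not a new-session message")
    f_seids = list(find_ies(msg["ies"], IE_F_SEID))
    if not f_seids:
        raise ValueError("no CP F-SEID in request")
    cp_seid, cp_ips = decode_f_seid(f_seids[0])
    tunnels = [decode_f_teid(v) for v in find_ies(msg["ies"], IE_F_TEID)]
    return {"src_ip": src_ip, "dst_ip": dst_ip, "protocol": "PFCP/UDP",
            "seid1": cp_seid, "cp_ips": cp_ips,
            "seid2": None,   # UP F-SEID arrives in the Session Establishment Response
            "tunnels": [(teid, ip) for teid, ips in tunnels for ip in ips]}


def enforce_policy(params, policy):
    """policy (assumed shape): {endpoint_ip: (teid_low, teid_high)} for tunnels to be set up.
    Every F-TEID must name a known endpoint IP and a TEID inside that endpoint's range."""
    for teid, ip in params["tunnels"]:
        rng = policy.get(ip)
        if rng is None or not (rng[0] <= teid <= rng[1]):
            return "deny"
    return "allow"
```

The deny path is the security-relevant one: a Session Establishment Request that names an endpoint IP the platform has no record of, or a TEID outside the range allocated to that endpoint, is exactly the forged or replayed control-plane message that CUPS deployments are exposed to, and it is refused before the user-plane tunnel exists rather than after GTP-U traffic starts flowing.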