GTP Overbilling Configuration

Protecting subscribers of a PLMN from Overbilling attacks requires two NetScreen devices and involves the NSGP module and protocol.

The NSGP module includes two components: the client and the server. The client connects to the server and sends requests, which the server processes. Both client and server support multiple connections to each other and to others simultaneously.

The NSGP protocol uses the Transmission Control Protocol (TCP) and monitors the connectivity between client and server by sending Hello messages at set intervals. NSGP currently only supports the “session” type of context, which is a space that holds user-session information and is bound to a security zone. Also, a context is identified by a unique number (context ID).

When configuring NSGP on the client and server devices, you must use the same context ID on both devices. When the client sends a “clear session” request to the server, the request must include the context ID and IP address of the server. Upon receiving the “clear session” message, the server matches the context ID and then clears the session from its table.

The NetScreen device acting as the Gi firewall (the server) must run the ScreenOS 5.0.0 NSGP firmware (NetScreen Gatekeeper Protocol), and the other device acting as the GTP firewall (the client) must run the ScreenOS 5.0.0 GPRS firmware. You configure NSGP on the GTP firewall to enable it to notify the Gi firewall when a GTP tunnel is deleted, and you configure NSGP on the Gi firewall to enable it to automatically clear sessions whenever it gets a notification from the GTP firewall that a GTP tunnel was deleted. By clearing the sessions, the Gi firewall stops the unsolicited traffic.
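The server-side matching described above, as an added Python model (not NetScreen code and not the NSGP wire format). The class and field names, the `subscriber_ip` field used to pick out the stale sessions, and the sample addresses are all assumptions made for illustration; it shows that a notification carrying the wrong context ID leaves the stale session in place.

```python
# Conceptual model of the Gi firewall (NSGP server). Not the NSGP wire format:
# all names and the subscriber_ip field are assumptions for illustration.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Session:
    subscriber_ip: str   # address assigned to the mobile station
    remote_ip: str       # host on the far side of the Gi interface

@dataclass(frozen=True)
class ClearSessionRequest:
    context_id: int      # must equal the context ID configured on the server
    server_ip: str       # IP address of the Gi firewall the request targets
    subscriber_ip: str   # assumed: end-user address of the deleted GTP tunnel

@dataclass
class GiFirewall:
    ip: str
    contexts: dict = field(default_factory=dict)  # context ID -> set of sessions

    def add_session(self, context_id, session):
        self.contexts.setdefault(context_id, set()).add(session)

    def handle_clear(self, req):
        """Return how many sessions were cleared; 0 if the request does not match."""
        if req.server_ip != self.ip or req.context_id not in self.contexts:
            return 0  # wrong server or unknown context ID: nothing is cleared
        table = self.contexts[req.context_id]
        stale = {s for s in table if s.subscriber_ip == req.subscriber_ip}
        table -= stale  # in-place removal from the context's session table
        return len(stale)

    def forwards(self, context_id, subscriber_ip, remote_ip):
        """True if inbound traffic from remote_ip still matches a session."""
        return Session(subscriber_ip, remote_ip) in self.contexts.get(context_id, set())

def demo():
    # Constructed sample data (documentation and private address ranges).
    gi = GiFirewall(ip="192.0.2.1")
    gi.add_session(2, Session("10.1.1.5", "203.0.113.9"))
    gi.add_session(2, Session("10.1.1.6", "203.0.113.9"))
    # GTP firewall set up with a mismatched Destination Context: ignored.
    wrong = gi.handle_clear(ClearSessionRequest(7, "192.0.2.1", "10.1.1.5"))
    still_open = gi.forwards(2, "10.1.1.5", "203.0.113.9")
    # Matching context ID: sessions for the deleted tunnel are removed.
    right = gi.handle_clear(ClearSessionRequest(2, "192.0.2.1", "10.1.1.5"))
    return wrong, still_open, right, gi.forwards(2, "10.1.1.5", "203.0.113.9")
```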

To Configure Overbilling Notification

  1. Select the Overbilling Notify check box and enter the following information:

Destination IP: Enter the IP address of the Gi firewall (server).

Destination Port: Enter the port number on which the Gi firewall receives notification messages.

Source Interface: Enter the interface from which the GTP firewall sends Overbilling Attack notifications to the Gi firewall.

Destination Context: Enter the number that identifies the context. Note that the same context must exist on the Gi firewall.

Md5-authentication: Enter the MD5 authentication password.

  2. Click Apply to save your settings.