06-26-2019 09:19 AM
I have recently been dealing with sip invite method request flood attempt show up not only in my threatsm but also making it impossible to make calls external or external to internal calls because its trying to call a number every 4 seconds and taking all my SIP connections available. Besides blocking it on the firewall and having the ISP deadroute the called or called number is there anything else I should do?
06-26-2019 10:12 AM
Hello,
I would setup Zone and DoS protection profiles.
Regards,
06-26-2019 11:26 AM
A DoS Protection Policy as mentioned by @OtakarKlier is probably the best solution to go for something like this, but will involve a fair bit of tuning to get everything to play nice.
06-27-2019 11:04 AM
At the least I can block it through the threat prevention, but I don't know how it works, and it appears to started back when they put in the sip trunks last June. Shouldn't it be causing issues all the time with the phones?
06-27-2019 11:09 AM
Hello @jdprovine ,
Its hard to say what it would have dne in the past. Threat prevent may catch it, but its further into the inspection process so it uses more CPU. Zone and DoS protection are your best options here, I think.
Regards,
06-27-2019 02:27 PM
It probably has simply got to a point where the additonal load caused by this flood, and actual line of business calls, have forced you to cross your CCP limit imposed on the trunk. As long as you didn't cross your CCP limit you likely would have never thought to look at the logs to notice the issue in the first place.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
