I have recently been dealing with sip invite method request flood attempt show up not only in my threatsm but also making it impossible to make calls external or external to internal calls because its trying to call a number every 4 seconds and taking all my SIP connections available. Besides blocking it on the firewall and having the ISP deadroute the called or called number is there anything else I should do?
Hello @jdprovine ,
Its hard to say what it would have dne in the past. Threat prevent may catch it, but its further into the inspection process so it uses more CPU. Zone and DoS protection are your best options here, I think.
It probably has simply got to a point where the additonal load caused by this flood, and actual line of business calls, have forced you to cross your CCP limit imposed on the trunk. As long as you didn't cross your CCP limit you likely would have never thought to look at the logs to notice the issue in the first place.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!