sip invite method request flood attempt

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

sip invite method request flood attempt

L4 Transporter

I have recently been dealing with sip invite method request flood attempt show up not only in my threatsm but also making it impossible to make calls external or external to internal calls because its trying to call a number every 4 seconds and taking all my SIP connections available. Besides blocking it on the firewall and having the ISP deadroute the called or called number is there anything else I should do?

5 REPLIES 5

Cyber Elite
Cyber Elite

Cyber Elite
Cyber Elite

@jdprovine,

A DoS Protection Policy as mentioned by @OtakarKlier is probably the best solution to go for something like this, but will involve a fair bit of tuning to get everything to play nice. 

@BPry @OtakarKlier 

At the least I can block it through the threat prevention, but I don't know how it works, and it appears to started back when they put in the sip trunks last June. Shouldn't it be causing issues all the time with the phones?

Hello @jdprovine ,

Its hard to say what it would have dne in the past. Threat prevent may catch it, but its further into the inspection process so it uses more CPU. Zone and DoS protection are your best options here, I think.

 

Regards,

@jdprovine,

It probably has simply got to a point where the additonal load caused by this flood, and actual line of business calls, have forced you to cross your CCP limit imposed on the trunk. As long as you didn't cross your CCP limit you likely would have never thought to look at the logs to notice the issue in the first place. 

  • 16726 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!