We've never seen evidence of issues other than just making phones ring. I assume it's some script kiddies trying to find an open SIP proxy. The routers in use are owned by our ISP partner and managed by them. Typical mid-grade routers like a 1900 series. I'm not aware of an ability to filter SIP as an application with those, though I've been pretty removed from Cisco hands-on for some time. Filtering based on port would not help us. On Fri, Nov 20, 2015 at 2:13 PM, Alex Balashov <abalashov at evaristesys.com> wrote:
On 11/20/2015 04:09 PM, Calvin Ellison wrote:
challenge to BYE should mitigate that particular targeted attack.
Spoofed sequential (in-dialog) requests strike me as less of a concern than initial requests, since, in order for the BYE to match an existing dialog in the phone's UAS, the attacker would have to spoof a valid From & To-tag, Call-ID, CSeq, etc.
-- Alex Balashov | Principal | Evariste Systems LLC 303 Perimeter Center North, Suite 300 Atlanta, GA 30346 United States
Tel: +1-800-250-5920 (toll-free) / +1-678-954-0671 (direct) Web: http://www.evaristesys.com/, http://www.csrpswitch.com/ _______________________________________________ VoiceOps mailing list VoiceOps at voiceops.org https://puck.nether.net/mailman/listinfo/voiceops