[EXTERNAL] VoIP Provider DDoSes

Brian Turnbow b.turnbow at twt.it
Wed Sep 22 07:58:25 UTC 2021


Hi

>Something you may want to consider is to put ACLs as far upstream as possible from your SBCs and only allow through what you need to the SBCs.  For example, apply a filter only permitting UDP 5060 and your RTP port range to your SBCs and then blocking everything else.  This is free and should stop a lot of common DDoS attacks before they ever get to your SBCs.  Even better if you can get your upstream ISP to apply the ACL.  DDoS attack traffic should be dropped as close to the source as possible.

Yes, attacks on VoIP have become more prevalent, unfortunately.
Another thing to consider is blocking fragments, which have been a major factor in the attacks I have seen in SIP.
But to do this you need to make sure that you are not exceeding MTU length in INVITEs, or block fragments only from untrusted IPs.

Brian
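
A way to check the MTU condition mentioned above before turning on a fragment filter, as an added example that is not part of the original post: it estimates the on-wire IPv4/UDP size of a SIP message and the resulting fragment count. The 1500-byte MTU, the sample INVITEs and the function name are assumptions; the 200-byte margin and 1300-byte limit come from RFC 3261 section 18.1.1.

```python
import math

IPV4_HEADER = 20        # bytes; assumes IPv4 with no IP options
UDP_HEADER = 8          # bytes
TCP_MARGIN = 200        # RFC 3261 18.1.1: within 200 bytes of the path MTU
UNKNOWN_MTU_MAX = 1300  # RFC 3261 18.1.1: limit when the path MTU is unknown

# Constructed sample INVITE (example.com hosts, documentation addresses).
SAMPLE_INVITE = (
    b"INVITE sip:bob@example.com SIP/2.0\r\n"
    b"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776asdhds\r\n"
    b"Max-Forwards: 70\r\n"
    b"From: <sip:alice@example.com>;tag=1928301774\r\n"
    b"To: <sip:bob@example.com>\r\n"
    b"Call-ID: a84b4c76e66710@192.0.2.10\r\n"
    b"CSeq: 1 INVITE\r\n"
    b"Contact: <sip:alice@192.0.2.10:5060>\r\n"
    b"Content-Type: application/sdp\r\n\r\n"
    b"v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\n"
    b"t=0 0\r\nm=audio 40000 RTP/AVP 0 8\r\n"
)
# Same INVITE with a long constructed codec list, as a large SDP offer would have.
BLOATED_INVITE = SAMPLE_INVITE + b"a=rtpmap:96 opus/48000/2\r\n" * 60


def assess_invite(message: bytes, mtu: int = 1500, mtu_known: bool = True) -> dict:
    """Report whether a SIP message sent over UDP would be IP-fragmented."""
    sip_len = len(message)
    packet_len = IPV4_HEADER + UDP_HEADER + sip_len
    fragments = 1
    if packet_len > mtu:
        # Every fragment but the last carries a multiple of 8 payload bytes.
        per_fragment = (mtu - IPV4_HEADER) // 8 * 8
        fragments = math.ceil((UDP_HEADER + sip_len) / per_fragment)
    limit = mtu - TCP_MARGIN if mtu_known else UNKNOWN_MTU_MAX
    if fragments > 1:
        verdict = "fragments"   # would be dropped by a blanket no-fragments ACL
    elif sip_len > limit:
        verdict = "use-tcp"     # fits, but RFC 3261 says to switch transport
    else:
        verdict = "ok"
    return {"sip_len": sip_len, "packet_len": packet_len,
            "fragments": fragments, "verdict": verdict}


if __name__ == "__main__":
    for name, msg in (("sample", SAMPLE_INVITE), ("bloated", BLOATED_INVITE)):
        print(name, assess_invite(msg))
```

Run against INVITEs captured from trusted peers, any "fragments" verdict marks a peer whose signaling would break under a filter that drops all fragments.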

