"Sipvicious" and "Sunday ddr" attacks are common and frequent on the Internet.
If your VoIP system must be directly exposed to the Internet, I suggest you configure a WHITE Access List to allow only friendly networks, use strong passwords to protect all SIP accounts, and change the standard SIP ports.
I also use IPS and IDS like Tipping Point and Ingate. They have special filter rules to prevent Sipvicious attacks.
SIP OPTIONS are messages handled by the router itself. No dial-peers are matched.
You can build a sip-profile, but this feature is not designed as a match criterion, so you cannot reject or ignore a message.
The sip profile should be applied globally:
voice service voip
 sip
  sip-profiles 100
voice class sip-profiles 100
 request OPTIONS sip-header User-Agent ...
(Only remove, modify or copy actions are allowed.)
My suggestion is to apply an ACL to filter all unwanted SIP traffic.
If you cannot filter IP traffic (this is also my case), my suggestion is to put in front of the Cisco an SBC able to filter these attacks. In my carrier-class scenario I use an ORACLE Acme-Packet SBC with a sipShield feature. Also, IPS like Tipping Point or SonicWall are able to recognize and filter these attacks. If you want, you can also use a virtual machine with a free Kamailio or OpenSIPS proxy before the Cisco just to filter them.
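The allowlist-plus-signature filtering that the replies above suggest placing in front of the router, as an added Python example (not code from the thread or from any of the products named). The trusted ranges are documentation addresses, the sample messages are constructed, and the User-Agent markers are the scanners' commonly seen default strings, taken here as an assumption.

```python
import ipaddress
import re

# Assumptions (not from the thread): trusted ranges are documentation addresses;
# the User-Agent markers are commonly seen scanner defaults and can be changed.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "198.51.100.7/32")]
SCANNER_UA = re.compile(r"friendly-scanner|sipvicious|sundayddr", re.I)

def parse_request(raw):
    """Return (method, headers) for a raw SIP request, or None if it is not one."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    m = re.match(r"^([A-Z]+) \S+ SIP/2\.0$", lines[0].strip())
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return m.group(1), headers

def verdict(src_ip, raw):
    """Classify one message: allow, drop-scanner, drop-untrusted or drop-malformed."""
    parsed = parse_request(raw)
    if parsed is None:
        return "drop-malformed"
    _method, headers = parsed
    # Signature check first, so logs name the tool when it announces itself.
    if SCANNER_UA.search(headers.get("user-agent", "")):
        return "drop-scanner"
    # The allowlist is the real control: a scanner with a spoofed User-Agent stops here.
    if not any(ipaddress.ip_address(src_ip) in net for net in TRUSTED_NETS):
        return "drop-untrusted"
    return "allow"

# Constructed sample traffic: (source IP, raw SIP request).
SAMPLES = [
    ("203.0.113.50", "OPTIONS sip:100@198.51.100.1 SIP/2.0\r\nVia: SIP/2.0/UDP 203.0.113.50:5060\r\nUser-Agent: friendly-scanner\r\n\r\n"),
    ("203.0.113.51", "REGISTER sip:198.51.100.1 SIP/2.0\r\nUser-Agent: Generic Phone\r\n\r\n"),
    ("192.0.2.5", "OPTIONS sip:198.51.100.1 SIP/2.0\r\nUser-Agent: Trusted PBX\r\n\r\n"),
]

def triage(samples=SAMPLES):
    """Return the verdict for each (source IP, message) pair, in order."""
    return [verdict(ip, raw) for ip, raw in samples]

if __name__ == "__main__":
    print(list(zip([ip for ip, _ in SAMPLES], triage())))
```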