Hi >Something you may want to consider is to put ACLs as far upstream as possible >from your SBCs and only allow through what you need to the SBCs. For example, >apply a filter only permitting UDP 5060 and your RTP port range to your SBCs >and then blocking everything else. This is free and should stop a lot of >>common DDoS attacks before they ever get to your SBCs. Even better if you >can get your upstream ISP to apply the ACL. DDoS attack traffic should be >dropped as close to the source as possible.
Yes Attacks on voip have become more prevalent unfortunately. Another thing to consider is blocking fragments , which have been a major factor in the attacks I have seen in sip. But to do this you need to make sure that you are not exceeding mtu length in Invites, or block fragments only from untrusted IPs. Brian
