Hi,
I need help!
We are in problem with the Snom 300.
The Cisco IPS is blocking the connections with this signature: http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=25999&signatureSubId=0
Log IPS:
Drop:
evIdsAlert: eventId=1333636247462315372 vendor=Cisco severity=high
originator:
hostId: ips
appName: sensorApp
appInstanceId: 456
time: Abr 09, 2012 16:43:02 UTC offset=-180 timeZone=GMT-03:00
signature: description=Malformed SIP Packet Denial of Service id=25999 version=S598 type=vulnerability created=20100512
subsigId: 0
sigDetails: Malformed SIP Packet Denial of Service
marsCategory: DoS/NetworkDevice
interfaceGroup: vs0
vlan: 0
participants:
attacker:
addr: "X.X.X.X Local IP Network" locality=OUT
port: 2048
target:
addr: "X.X.X.X - PBX IP" locality=OUT
port: 5060
os: idSource=unknown type=unknown relevance=relevant
actions:
droppedPacket: true
alertDetails: InterfaceAttributes: context="single_vf" physical="Unknown" backplane="GigabitEthernet0/1" ;
riskRatingValue: 95 targetValueRating=medium attackRelevanceRating=relevant
threatRatingValue: 60
interface: GigabitEthernet0/1 context=single_vf physical=Unknown backplane=GigabitEthernet0/1
protocol: udp
This only happens with Snom phones because we have other phones from Cisco, and these Policom works perfectly.