Blocked IPs in "IP Access Control"
in Firewalls and NAT
Posted April 9, 2012
In this specific case, these are all SIP-level blocks (most probably, someone is sending too many packets during a short interval):
108.163.194.149/32 Block (sip)
113.105.167.122/32 Block (sip)
46.165.195.130/32 Block (sip)
Blocked IPs in "IP Access Control"
in Firewalls and NAT
Posted
Hi,
I need help!
We are having a problem with the Snom 300.
The Cisco IPS is blocking the connections with this signature: http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=25999&signatureSubId=0
Log IPS:
Drop:
evIdsAlert: eventId=1333636247462315372 vendor=Cisco severity=high
originator:
hostId: ips
appName: sensorApp
appInstanceId: 456
time: Abr 09, 2012 16:43:02 UTC offset=-180 timeZone=GMT-03:00
signature: description=Malformed SIP Packet Denial of Service id=25999 version=S598 type=vulnerability created=20100512
subsigId: 0
sigDetails: Malformed SIP Packet Denial of Service
marsCategory: DoS/NetworkDevice
interfaceGroup: vs0
vlan: 0
participants:
attacker:
addr: "X.X.X.X Local IP Network" locality=OUT
port: 2048
target:
addr: "X.X.X.X - PBX IP" locality=OUT
port: 5060
os: idSource=unknown type=unknown relevance=relevant
actions:
droppedPacket: true
alertDetails: InterfaceAttributes: context="single_vf" physical="Unknown" backplane="GigabitEthernet0/1" ;
riskRatingValue: 95 targetValueRating=medium attackRelevanceRating=relevant
threatRatingValue: 60
interface: GigabitEthernet0/1 context=single_vf physical=Unknown backplane=GigabitEthernet0/1
protocol: udp
This only happens with Snom phones, because we have other phones from Cisco and Polycom, and these work perfectly.
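
Added example (not part of the original post and not Cisco tooling): a small Python parser for the text form of the evIdsAlert shown above. It pulls out the fields needed to triage the drop: signature id, source and destination, action and risk rating. It assumes the one-field-per-line layout in which the log appears on this page; `parse_alert` and `summarize` are hypothetical helper names.

```python
import re

# key=value pairs; a value may be quoted or contain spaces and runs until the next key=
ATTR = re.compile(r'(\w+)=("[^"]*"|.*?)(?=\s+\w+=|\s*;?\s*$)')

def parse_alert(text):
    """Flatten an evIdsAlert text block into {'[section.]key[.attr]': value}."""
    out, section = {}, None
    for line in text.splitlines():
        key, sep, rest = map(str.strip, line.partition(":"))
        if not sep:
            continue
        if not rest:  # bare header such as "attacker:" or "actions:"
            section = key if key in ("attacker", "target") else None
            continue
        name = f"{section}.{key}" if section else key
        first = ATTR.search(rest)
        bare = (rest[:first.start()] if first else rest).strip().strip('"')
        if bare:
            out[name] = bare
        for m in ATTR.finditer(rest):
            out[f"{name}.{m.group(1)}"] = m.group(2).strip('"')
    return out

def summarize(text):
    """Fields an analyst needs to triage one drop."""
    a = parse_alert(text)
    return {
        "sig_id": int(a["signature.id"]),
        "sig": a["signature.description"],
        "src": (a["attacker.addr"], int(a["attacker.port"])),
        "dst": (a["target.addr"], int(a["target.port"])),
        "dropped": a.get("droppedPacket") == "true",
        "risk": int(a["riskRatingValue"]),
    }

# Lines taken from the alert in the post above (addresses already redacted there)
ALERT = '''signature: description=Malformed SIP Packet Denial of Service id=25999 version=S598 type=vulnerability created=20100512
attacker:
addr: "X.X.X.X Local IP Network" locality=OUT
port: 2048
target:
addr: "X.X.X.X - PBX IP" locality=OUT
port: 5060
actions:
droppedPacket: true
riskRatingValue: 95 targetValueRating=medium attackRelevanceRating=relevant
'''
print(summarize(ALERT))
```

Running `summarize` over every alert exported from the sensor and grouping by `sig_id` and `src` shows whether a signature fires for one class of endpoint only, which is the pattern described in the post.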