How to configure to block OpenSBC SIP INVITE DoS in SonicOS Enhanced.
03/26/2020 8 11712
This article explains how to block OpenSBC SIP INVITE DoS.
Enable IPS in zones
OpenSBC SIP INVITE DoS is an unspecified vulnerability in the OpenSBC which allows remote attackers to cause a denial of service via a SIP INVITE request.
Go to Security Services ->Intusion Prevention and follow the following steps:
>> Step 1: Enable IPS check box at the top of the page.
>> Step 2: Enable "Prevent All" and "Detect All" for medium priority risks.
>> Step 3: Under IPS policies make the category as "VoIP Attacks" and make the priority as "Medium".
>> Step 4: Click on the configuration button of "OpenSBC SIP INVITE DoS"
>> Step 5 : Enable prevention and detection for "OpenSBC SIP INVITE DoS"
After enabling the prevention and detection the page will look like this.
By default when you enable medium priority the prevention and detection block for OpenSBC SIP INVITE DoS will be enabled.
Enabling IPS in Zones:
Go to Network --> Zones and follow the following steps.
>> Step 1: Click on configure button in LAN zone and enable IPS check box.
>> Step 2: Click on configure button in WAN zone and enable IPS check box.