Place a SIP device directly on the Internet and watch the network activity. It won’t take long before you see a number of erroneous SIP packets searching for SIP devices. Common IT admin tools are used to scan networks for devices, and in SIP and VoIP applications there are scanners searching for SIP devices. Sending specific SIP packets, these SIP scanners can provoke a response from the SIP device and confirm its availability. Once discovered, more activity may potentially follow such as DoS attacks, toll fraud and others.
There are a number of common SIP scanners that have a unique ‘signature’ within SIP. The best way to deal with these SIP scanners is to identify its ‘signature’ within the SIP, and then outright reject the packet.
The SBC is designed to do just that; it recognizes these SIP scanners by its ‘signature’ and rejects them. Not responding allows the VoIP deployment to be hidden from future security attack attempts.
|Download this printable PDF Cheat Sheet for your reference on the powerful capabilities and features of the Session Border Controller.|