1 Reply Latest reply on May 23, 2018 10:03 AM by jayh

    SIP stack timer retransmit

    mcdeeiis New Member

      I am seeing this "SIP stack timer retransmit" every now and then in the log. Also I see this suspicious ip address that when I googled showed the following details:

      5.62.63.182   --> Avast

      212.129.10.158 --> Some ip in France described as in abuseipdb.com

       

      I restricted both the ip with a subnet on my firewall but I still see these in the adtran logs. Any help is really appreciated.

        • Re: SIP stack timer retransmit
          jayh Hall_of_Fame

          Your firewall probably doesn't apply it to the "self" context, so it blocks traffic through the device but not to the device. Firewalling these attackers individually doesn't scale very well.

           

          Fix:

           

          Create a standard access-list sip-access. include in it the IPs of the external SIP servers of your provider(s) as well as any internal subnets with SIP phones

          Apply it to the SIP process.

           

          ip access-list standard sip-access

          permit 192.168.2.0 0.0.0.255 ! internal phone subnet

          permit host 192.0.2.33  ! Provider's SIP server

          !

          sip access-class ip "sip-access" in