Help - Need to stop an Attack



  • Long story short - We tried to replace firewall before end of contract but failed.  Current firewall (Netscreen 25) no longer supported by Juniper and I am getting attacked.  All attempts to stop unsuccessful.  Need some assistance from an expert out there:

    We have a SIP server.  Person is coming in via IP to the SIP server and clogging up all the trunks, basically shutting down our phone service.

    I wire sharked the server and determined the IP address of 188.138.109.154
    Details in Wireshark match details of call log/attempts.

    I put in a policy from Untrust to Trust where Origin is 188.138.109.154/24 to destination Any
    Service ANY
    Action Deny
    Logging Checked at Beginning Session checked.
    Moved policy to top of list.

    Ideas for something I missed?



  • The policy is fine, it will block all the traffic coming from 188.138.109.154.
    But if you have configured a MIP or VIP on your untrust interface which is mapped to your internal SIP server, then you have to create one more policy, and that will be

    src-188.138.109.154
    dst-MIP/VIP (address object)
    service -Any
    Action - deny

    Regards

    kunal


 
