Help - Need to stop an Attack
DMoody007 last edited by
Long story short - We tried to replace firewall before end of contract but failed. Current firewall (Netscreen 25) no longer supported by Juniper and I am getting attacked. All attempts to stop unsuccessful. Need some assistance from an expert out there:
We have a SIP server. Person is coming in via IP to the SIP server and clogging up all the trucks basically shutting down our phone service.
I wire sharked the server and determined the IP address of 220.127.116.11
Details in wireshark match details of call log/attempts.
I put in a policy from Untrust to Trust where Origin is 18.104.22.168/24 to destination Any
Logging Checked at Beginning Session checked.
Moved policy to top of list.
Ideas for something I missed?
kunal1989 last edited by
The policy is fine , it will block all the traffic coming from 22.214.171.124.
But if you have configured a MIP or VIP on your untrust interface which is mapped to your internal SIP server the you have to create one more policy and that will be
dst-MIP/VIP (address object)
Action - deny