Author Topic: Help - Need to stop an Attack  (Read 3630 times)

DMoody007

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Help - Need to stop an Attack
« on: February 07, 2014, 09:50:18 am »
Long story short - We tried to replace firewall before end of contract but failed.  Current firewall (Netscreen 25) no longer supported by Juniper and I am getting attacked.  All attempts to stop unsuccessful.  Need some assistance from an expert out there:

We have a SIP server.  Person is coming in via IP to the SIP server and clogging up all the trucks basically shutting down our phone service.

I wire sharked the server and determined the IP address of 188.138.109.154
Details in wireshark match details of call log/attempts.

I put in a policy from Untrust to Trust where Origin is 188.138.109.154/24 to destination Any
Service ANY
Action Deny
Logging Checked at Beginning Session checked.
Moved policy to top of list.

Ideas for something I missed?

kunal1989

  • Newbie
  • *
  • Posts: 5
  • Karma: +0/-0
    • View Profile
Re: Help - Need to stop an Attack
« Reply #1 on: February 11, 2014, 05:58:12 am »
The policy is fine , it will block all the traffic coming from 188.138.109.154.
But if you have configured a MIP or VIP on your untrust interface which is mapped to your internal SIP server the you have to create one more policy and that will be

src-188.138.109.154
dst-MIP/VIP (address object)
service -Any
Action - deny

Regards

kunal