Adtran
Help
Attention! The Adtran support community will be placed in read-only mode on Monday, January 20th, at 8 AM CST for system maintenance. During this time, new posts, replies, or other content updates will be unavailable. The system will return to normal functionality by 9 AM CST on Tuesday, January 21st. If you encounter any product issues during this read-only period, you can reach out to Adtran support at any time. Thank you!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable
‎12-28-2020 08:54 AM

Fireall not blocking hacking attamps

this is wha ti have in my config 

ip access-list extended SIP
remark SIP Service Provider
permit udp host 107.191.xxx.xxx any eq 5060
permit udp host 144.202.xxx.xxx any eq 5060

!
ip access-list extended T
!
!
!
!
ip policy-class Public
allow list Admin self
allow list SIP self

 

however i am getting attacks all day long from all sorts of ip address on port 5060 

i am not sure what i am missing 

0 Kudos
Reply
4 Replies
jayh
New Contributor III
‎12-29-2020 12:14 PM

Re: Fireall not blocking hacking attamps

Add the line in global config:

 

sip access-class ip "SIP" in

0 Kudos
Accept as Solution Reply
Anonymous
Not applicable
‎12-31-2020 09:36 AM

Re: Fireall not blocking hacking attamps

i am getting this error 

 


Access-list must be a standard ACL.

0 Kudos
Accept as Solution Reply
jayh
New Contributor III
‎12-31-2020 05:36 PM

Re: Fireall not blocking hacking attamps

Try this:

 

no ip access-list extended SIP

ip access-list standard SIP
remark SIP Service Provider
permit 107.191.xxx.xxx <wildcard mask>
permit 144.202.xxx.xxx <wildcard mask>

Accept as Solution Reply
Emily
New Contributor
‎05-22-2023 12:22 AM

Re: Fireall not blocking hacking attamps

@jayh wrote:

Try this:

no ip access-list extended SIP

ip access-list standard SIP
remark Idiom Service Provider
permit 107.191.xxx.xxx <wildcard mask>
permit 144.202.xxx.xxx <wildcard mask>

I am very thankful to you for your suggestion. it worked well for me.

0 Kudos
Accept as Solution Reply