Adtran
Help
BIG NEWS! The Adtran Support Community is moving! In the next few weeks it will be housed in a new location. Be sure to visit our NEW Adtran Community before the end of July to check it out and verify that you can access all the resources and features that you need. If you discover any issues with your account or access, or just want to let us know about your experience, be sure to use our Feedback Form to let us know!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Anonymous
Not applicable
‎05-23-2018 04:48 AM

SIP stack timer retransmit

I am seeing this "SIP stack timer retransmit" every now and then in the log. Also I see this suspicious ip address that when I googled showed the following details:

5.62.63.182   --> Avast

212.129.10.158 --> Some ip in France described as in abuseipdb.com

I restricted both the ip with a subnet on my firewall but I still see these in the adtran logs. Any help is really appreciated.

Labels (2)
Labels
Tags (2)
ta908e_log.txt.zip
0 Kudos
Reply
1 Reply
jayh
Honored Contributor
Honored Contributor
‎05-23-2018 12:03 PM

Re: SIP stack timer retransmit

Your firewall probably doesn't apply it to the "self" context, so it blocks traffic through the device but not to the device. Firewalling these attackers individually doesn't scale very well.

Fix:

Create a standard access-list sip-access. include in it the IPs of the external SIP servers of your provider(s) as well as any internal subnets with SIP phones

Apply it to the SIP process.

ip access-list standard sip-access

permit 192.168.2.0 0.0.0.255 ! internal phone subnet

permit host 192.0.2.33  ! Provider's SIP server

!

sip access-class ip "sip-access" in

0 Kudos
Accept as Solution Reply