Setting Up Juniper Firewall to Block SipVicious

Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: We have archived this topic as it has either reached a resolution, has become inactive, or information contained in this thread is no longer accurate. If you have a related question on this subject, please post a new topic.

We are in an urgent situation. We are currently using a Juniper SSG-20 firewall and RingCentral. Our primary call group is, we think, being attacked by SipVicious. We have a case opened with RingCentral but decided to try the community as well to see if there was anyone out there with Juniper experience in setting up their firewall with RingCentral ports and IPs to prevent attacks.

We built a policy and services in the Juniper but we still have issues.

We are using VVX-410 phones and RingCentral Standard.

Symptoms of attack thus far:
Only happening to four phones out of thirty in the company. The four are in a call group. Each has presence set up to see the other users if on phone, getting call, etc. Presence lights will all start to blink as if getting a call but no ringer. If you click on button to get call, we have a caller ID but no call. We call the number in caller ID and they state they did not call us.

Newest wrinkle is loss of audio. After so many calls, the individual phone cannot hear the caller but the caller can hear us. We only regain audio after rebooting the phone.

Any suggestions or ideas from the community would be appreciated.

DMoody007

Posted 1 year ago

Brandon, Champion

Do you have inbound VoIP ports opened through your firewall? It sounds like you may, but you should not. What indication do you have of being attacked? Logs from the firewall? Here are current network configuration docs that may help:

https://netstorage.ringcentral.com/guides/network_condensed.pdf
https://netstorage.ringcentral.com/guides/network_extended.pdf
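
Added example, not part of the original thread and not RingCentral or Juniper code: one way to answer the "what indication do you have" question is to check captured SIP requests for scanner fingerprints. It assumes (source IP, raw SIP message) pairs exported from a packet capture; the function names, the threshold of three extensions, and the sample traffic are constructed for illustration.

```python
import re
from collections import defaultdict

# "friendly-scanner" is SIPVicious's default User-Agent; an operator can change it,
# so a clean User-Agent does not rule out scanning. Extend this pattern as needed.
SCANNER_UA = re.compile(r"friendly-scanner|sipvicious", re.I)
REQUEST_LINE = re.compile(r"^([A-Z]+)\s+sips?:\S+\s+SIP/2\.0$")
TO_USER = re.compile(r"sips?:([^@>;\s]+)@")

def parse_request(raw):
    """Return (method, to_user, user_agent) for a SIP request; None for anything else."""
    lines = raw.replace("\r\n", "\n").split("\n")
    m = REQUEST_LINE.match(lines[0].strip())
    if not m:
        return None  # SIP response or non-SIP data
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    to = TO_USER.search(headers.get("to", headers.get("t", "")))  # "t" is the compact form
    return m.group(1), to.group(1) if to else None, headers.get("user-agent", "")

def find_scanners(events, ext_threshold=3):
    """Map source IP -> sorted list of reasons it looks like a SIP scanner."""
    targets, findings = defaultdict(set), defaultdict(set)
    for src, raw in events:
        parsed = parse_request(raw)
        if parsed is None:
            continue
        method, user, ua = parsed
        if SCANNER_UA.search(ua):
            findings[src].add("scanner-user-agent")
        if method in ("OPTIONS", "REGISTER", "INVITE") and user:
            targets[src].add(user)  # distinct extensions probed by this source
            if len(targets[src]) >= ext_threshold:
                findings[src].add("extension-sweep")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}

def _msg(method, ext, ua):  # builds one constructed sample request
    return (f"{method} sip:{ext}@192.0.2.10 SIP/2.0\r\nTo: <sip:{ext}@192.0.2.10>\r\n"
            f"User-Agent: {ua}\r\n\r\n")

# Constructed sample traffic using documentation IP ranges, not data from the thread.
SAMPLE = [("203.0.113.5", _msg("OPTIONS", "100", "friendly-scanner"))]
SAMPLE += [("198.51.100.7", _msg("REGISTER", e, "softphone/1.0")) for e in ("101", "102", "103")]
SAMPLE += [("192.0.2.44", _msg("INVITE", "200", "desk-phone/1.0")), ("192.0.2.44", "SIP/2.0 200 OK\r\n\r\n")]
if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

A source that only ever addresses one extension and carries no scanner User-Agent, like the third address in the sample, produces no finding, which is the pattern expected when phantom presence activity is not caused by inbound scanning.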

DMoody007

Brandon,

Just got off phone with second tier support and the consensus is that we are not being attacked as originally thought. They are aware of an internal issue with presence and we appear to be suffering from it as well.  Gives us the impression phones are in use but are not.

They are thinking the audio issue may be another issue from that of the presence issue and UDP packets are bogging down either my switch or firewall.  I am looking at the configs of both to see if we have any UDP flow restrictions that we may be exceeding.

Douglas
