sipPROT                                    

                        

                                                         Keep Your System Secure!                        

       

                                                       

SIP Protection

sipPROT is a PBXware and SERVERware module that provides protection from SIP attacks. Brute-force break-in attempts and Denial of Service attacks are quite frequent and unpredictable threat. Unprotected VoIP PBX systems are very sensitive to this kind of attacks. The most common consequence of this kind of network attack are VOIP service downtime, Call quality issues due to an overloaded network, and Direct financial loss due to network instability. sipPROT’s main purpose is to prevent those attacks.                                                                                                                                                      

Advanced Threat Detection

Unlike other similar solutions, sipPROT works with LIVE SIP traffic, constantly monitoring SIP packets being received. Potential attacks are instantly detected and sipPROT updates the firewall rules and blocks IP addresses from which the attack is coming for a specific amount of time. To detect SIP attacks, sipPROT uses the following advanced detection techniques: Pattern recognition, SIP Scanners protection (immediately blocking known SIP scanners), TFTP brute force protection, and SIP protocol anomaly detection. 

                                                                       

                                 

Standard Features

LIVE SIP Traffic Monitoring

SIP Register Protection

SIP Invite Protection

Advanced Detection Techniques

Dynamically Block / Unblock IPs

Configurable IP Whitelist

Configurable IP Blacklist

Permanent Block Treshold

                                 

Dynamic Blocking and Unblocking

sipPROT features a fully automated attack protection system which blocks attacks more efficiently than most other solutions. In the case of an attack, it updates the firewall rules and blocks IP addresses from which the attack is coming for a specific amount of time. If attacks stop in a certain period of time, sipPROT unblocks compromised IP addresses automatically.

                                

     
Auto Provisioning Attack Detection

Auto-provisioning service is generally considered one of the most vulnerable spots of a SIP system. sipPROT covers this segment as well through the integrated TFTP Brute Force attack detection. An active attacker can redirect profile provisioning request and change the configuration parameters. Then the attacker can redirect phone calls through a malicious server, change passwords, turn the phone into a bug, and exfiltrate system logs (including those numbers dialed by a user).