SIP.Register.Brute.Force
Description
This indicates detection of SIP Register Brute Force attempts.
The attack consists of multiple SIP register requests intended to conduct a brute force attack, launched at a rate of about 5 times in 10 seconds.
Affected Products
all vulnerable applications utilizing the SIP protocol
Impact
System Compromise: Remote attackers can gain access to the service provided by the vulnerable systems.
Recommended Actions
Monitor the traffic from that network for any suspicious activity.
Adjust the threshold for the signature accordingly.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |