Session Initiation Protocol (SIP) is a signaling protocol that is typically used to control communication sessions, such as voice and video calls over IP.
SIP DoS attack detection and prevention serves several functions:
You can use a SIP DoS protection profile to specify the percentage increase over the system baseline, which indicates that a possible attack is in process on a particular SIP method, or an increase in anomalous packets. You can also rate limit packets of known vectors. For all SIP vectors except sip-malformed, the system can manage thresholds automatically or manually. You can manually set thresholds for malformed SIP packets.
You can specify an address list as a whitelist, that the DoS checks allow. Whitelisted addresses are not subject to the checks configured in the protection profile.
To guard a protected object from SIP DoS attacks, you need to associate the protected object with a protection profile that includes SIP security.