FreePBX triggers Network attacks - protocol-voip

Hi, all of a sudden we see that our FreePBX installations triggers Network-attacks in our XGS.

"Attacker" is our FreePBX, 192.168.1.22 - "Victim" is the IP of our SIP-Trunk Provider. Attack : PROTOCOL-VOIP Contact header format string attempt. This is getting dropped which results in our FreePBX not being able to initiate the SIP Trunk.

Any ideas why this all of a sudden happens and how i can tell the FW to stop dropping these "Attacks"

Thank you!

Added TAGs
[edited by: Raphael Alganes at 12:40 PM (GMT -7) on 31 Oct 2024]

0 Vishal_R 21 days ago

Hi 148Points Thank you for reaching out to the Sophos community team. It looks like traffic initiated from FreePBX towards your trunk provider has a matching traffic pattern with the IPS signature of "PROTOCOL-VOIP Contact header format string attempt". This may require Support case investigation, so support may collect the required logs and PCAP file to have validation on it and to confirm if it is false positive detection or any other reasons! Once the case is logged please share the support case ID with us here to review its progress or to add the required notes over it.

Regards,

Vishal Ranpariya
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel