User Community Feedback

Submitted ideas will be evaluated by our product teams for upcoming releases and will be responded to so you know where things stand. For product support, please use the community forums or contact TAC.

NOTE: All Cisco employees & Channel Partners must enter Ideas through this Ideas Portal.

Expressway B2b CPL Rules Improvement

Currently IN a B2B scenario with port 5060 opened for TCP SIP, attackers can bypass the CPL rules just by editing the source field of the sip invite to avoid hitting the block the rules, by doing trial and error, wich renders the rules Ineffective, and creates the need to constantly add new rules to avoid spam calls.

Even with improved automated protection the attacker just needs to

change the attack cadence to avoid the automation protection triggering.

An improvement should be added in automation detection mechanism.

i.e if to may calls fronm the same source ip address with different sip source addresses done in a short amout of time should be flagged as a possible attack and able to be blocked automattically

  • Guest
  • Jun 1 2022