The defense policies for SIP services .
NOTE: The AntiDDoS identifies well-known protocols by port number. Non-SIP services with port 5060 may be identified as SIP services and therefore be discarded when matching specific policies. Therefore, do not use well-known ports for other services.
Source detection
When defense is enabled and the rate of SIP packets exceeds Threshold, the device reports anomaly events to the ATIC Management center and starts defense against SIP packets based on the destination IP address.
Rate Limiting of Source IP Address
AntiDDoS always enables source IP address-based rate limiting over SIP packets.
You are advised to configure Threshold (pps) based on baseline learning. For details, see Configuring a Baseline Learning Task.