sylverboss writes: SIP DDoS attacks are becoming more widespread than ever (specially the ones originating from China) which can trigger 100's of SIP messages per sec and a large volume of traffic. Snort and IPTABLES are good tools to alert and mitigate such attacks but become limited when new attacks are launched. By the time the attack is stopped, the damage is done. In this paper, Konrad R. (who I've contacted) and others describe a "A Self-Learning System for Detection of Anomalous SIP Messages". Their approach is interesting but unfortunately the software has been developed for Alcatel/Lucent. So, I wonder if the Slashdot community has implemented efficient ways to mitigate "0-day" type of attacks or even better detect anomalies in SIP signaling by just using open source software or very clever iptables rules.