CiscoのVoIPのCallmanagerに脆弱性があって、DoSを受けるそうです。以下のポートをフィルタする方が良さそうです。

Filtering traffic as follows for affected CUCM / CUPS systems can be used as a mitigation technique:
Permit TCP port 2000 (SCCP) and TCP port 2443 (SCCPS) to CUCM systems only from VoIP endpoints.
ICMP Echo Requests (type 8) should be blocked for CUCM and CUPS systems. This may affect network management applications and troubleshooting procedures.
UDP Port 8500 (IPSec Manager) should only be permitted between CUCM / CUPS systems configured in a cluster deployment.

関連URL

• CiscoのIP電話コンポーネントに脆弱性 - ITmedia エンタープライズ