Can anyone please confirm my thinking for the CVE-2018-15454 SIP DOS Attack mitigation.  If we only initiate SIP connections outbound and we do not have any rules allowing inbound connections, this attack is not possible from outside.  I just want to check this isn't one of those things that ASA does stuff in the background without explicit rules needing to be present.