22 Mar
2019
22 Mar
'19
9:46 p.m.
<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x ...'
- code is contributed under BSD for core and main components (tm, sl, auth, tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the checkboxes that
apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from
above-->
<!-- If you're unsure about any of these, don't hesitate to ask on sr-dev
mailing list -->
- [X] Commit message has the format required by CONTRIBUTING guide
- [X] Commits are split per component (core, individual modules, libs, utils, ...)
- [X] Each component has a single commit (if not, squash them into one commit)
- [X] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [X] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that
apply -->
- [ ] PR should be backported to stable branches
- [X] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
<!-- Describe your changes in detail -->
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/1903
-- Commit Summary --
* etc/kamailio.cfg: detect sipvicious as scanner
-- File Changes --
M etc/kamailio.cfg (2)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/1903.patch
https://github.com/kamailio/kamailio/pull/1903.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1903
23 Mar
23 Mar
midnight
Probable you want look other [scanners
UA](https://github.com/2600hz/kazoo-configs-kamailio/blob/master/kamailio/d….
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1903#issuecomment-475809511
6:30 p.m.
Thanks!
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1903#issuecomment-475889045
6:30 p.m.
Merged #1903 into master.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1903#event-2224456066
9:58 p.m.
Probable you want look other [scanners
UA](https://github.com/2600hz/kazoo-configs-kamailio/blob/master/kamailio/d….
IMHO adding these makes sense. What do you think?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1903#issuecomment-475904160
24 Mar
24 Mar
8:57 a.m.
To add the missing user agents from the kazoo cfg snippet sounds good to me.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1903#issuecomment-475936818
1:53 p.m.
I don't think it is good to add a lot of string there. The default configuration files
is more like a reference. sipvicious is a well known one and made sense (although most of
its versions use `friendly-scanner` in user-agent).
But, afaik, portsip is an sdk and pbx. Then, others like NiceGuy likely to be sipvicious
with a different value set for user agent. If the attacker was changing the default value
to something else, banning that one by regex won't get it fixed for too long, the
attacker will use a different value soon.
In other words, if it is something very common or a tool used for scanning attacks, makes
sense to add. If it is just different user agent name used by an attacker against a
platform, it should not be added in the default config file. There is pike+htable that can
detect DoS attacks.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1903#issuecomment-475956037
2077
days inactive
2079
days old
6 comments
4 participants
participants (4)
-
Daniel-Constantin Mierla -
Henning Westerholt
-
Kevin Olbrich
-
sergey-safarov