26 Mar
2014
26 Mar
'14
8:27 a.m.
Hi Aryn,
changing the standard Listen Port 5060 to something like 5871 will keep
approximately 50% of the bad boys away.
Log user agent client name like
if
($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$ua=~"iWar"||$ua=~"sip-scan")
{
sl_send_reply("403", "Forbidden");
xlog("L_ALERT","IPTABLES: blocking $si $ua\n");
drop();
}
Let fail2ban put the source IP of the bad boy in your firewall for 1h or
longer drop time like
fail2ban filter:
[INCLUDES]
#before = common.conf
[Definition]
# filter for kamailio messages
failregex = IPTABLES: blocking <HOST>
Hide your server name like
server_header="Server: sipserver-007"
use strong passwords and don't configure an open relay ;-)
this is just one way ...
Regards
Rainer
Am 26.03.2014 03:13, schrieb Arya Farzan:
I'm concerned about others reverse engineering
their way into my
project's sip network. Is there anyway to prevent others from finding
out that the SIP protocol is being used and prevent others to reverse
engineer their way into my sip network?
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
*Rainer Piper*
NOC - +49 (0)228 97167161 - sip.soho-piper.de
NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293