Hi Aryn,
changing the standard Listen Port 5060 to something like 5871 will keep approximately 50% of the bad boys away.
Log user agent client name like
if ($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$ua=~"iWar"||$ua=~"sip-scan") { sl_send_reply("403", "Forbidden"); xlog("L_ALERT","IPTABLES: blocking $si $ua\n"); drop(); }
Let fail2ban put the source IP of the bad boy in your firewall for 1h or longer drop time like
fail2ban filter:
[INCLUDES]
#before = common.conf
[Definition] # filter for kamailio messages failregex = IPTABLES: blocking <HOST>
Hide your server name like server_header="Server: sipserver-007"
use strong passwords and don't configure an open relay ;-)
this is just one way ...
Regards Rainer
Am 26.03.2014 03:13, schrieb Arya Farzan:
I'm concerned about others reverse engineering their way into my project's sip network. Is there anyway to prevent others from finding out that the SIP protocol is being used and prevent others to reverse engineer their way into my sip network?
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users