Hi Aryn,
changing the standard Listen Port 5060 to something like 5871 will
keep approximately 50% of the bad boys away.
Log user agent client name like
if
($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$ua=~"iWar"||$ua=~"sip-scan")
{
sl_send_reply("403", "Forbidden");
xlog("L_ALERT","IPTABLES: blocking $si $ua\n");
drop();
}
Let fail2ban put the source IP of the bad boy in your firewall for
1h or longer drop time like
fail2ban filter:
[INCLUDES]
#before = common.conf
[Definition]
# filter for kamailio messages
failregex = IPTABLES: blocking <HOST>
Hide your server name like
server_header="Server: sipserver-007"
use strong passwords and don't configure an open relay ;-)
this is just one way ...
Regards
Rainer
Am 26.03.2014 03:13, schrieb Arya Farzan:
I'm
concerned about others reverse engineering their way into my
project's sip network. Is there anyway to prevent others from
finding out that the SIP protocol is being used and prevent
others to reverse engineer their way into my sip network?
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Rainer Piper
NOC - +49 (0)228 97167161 - sip.soho-piper.de
NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293