On Thu, Nov 18, 2010 at 1:57 PM, marius
zbihlei
<marius.zbihlei@1and1.ro>
wrote:
On 11/18/2010 03:59 PM, Fred Posner wrote:
On Nov 18, 2010, at 8:49 AM, marius zbihlei wrote:
On 11/18/2010 01:58 PM, Daniel-Constantin Mierla wrote:
Hello,
during the testing period of Kamailio 3.1.0, while
running it at
voipuser.org, I had the chance
to watch live and analyze a SIP scanning
attack. Yesterday I noticed another one by looking at
Siremis 2.0
charts, therefore I wrote an article with some hints
about what you can
use to protect your SIP services within Kamailio
configuration file.
You can read it at:
* http://asipto.com/u/i
Hope is going to be useful for many of you!
Cheers,
Daniel
Hello Daniel,
Nice read, thanks for sharing. This "friendly-scanner"
messages has really gotten out of hand lately. FYI, they
are generated by a python suite called SIPVicious (ha ha
nice pun)(http://code.google.com/p/sipvicious/)
. More on this http://blog.sipvicious.org/.
The suite was developed (really really extended the
sense of the word "developed" here - as the scripts are
really basic) by a security company who trails over
Europe giving lectures on Voip security. :)
Cheers,
Marius
SIP Vicious does have a kill command... I've tried
launching that on detection with mixed results. Triggering
it from a hash count might prove better.
Marius