Hi Aryn,

changing the standard Listen Port 5060 to something like 5871 will keep approximately 50% of the bad boys away.

Log user agent client name like

if ($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$ua=~"iWar"||$ua=~"sip-scan") {
        sl_send_reply("403", "Forbidden");
        xlog("L_ALERT","IPTABLES: blocking $si $ua\n");
        drop();
}

Let fail2ban put the source IP of the bad boy in your firewall for 1h or longer drop time like

fail2ban filter:

[INCLUDES]

#before = common.conf

[Definition]
# filter for kamailio messages
failregex = IPTABLES: blocking <HOST>

Hide your server name like
server_header="Server: sipserver-007"

use strong passwords and don't configure an open relay ;-)

this is just one way ...


Regards
Rainer


 

Am 26.03.2014 03:13, schrieb Arya Farzan:

I'm concerned about others reverse engineering their way into my project's sip network. Is there anyway to prevent others from finding out that the SIP protocol is being used and prevent others to reverse engineer their way into my sip network?

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

--
Rainer Piper
NOC - +49 (0)228 97167161 - sip.soho-piper.de
NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users