Re: [SR-Users] Preventing information about my sip network

Hi Aryn, changing the standard Listen Port 5060 to something like 5871 will keep approximately 50% of the bad boys away. Log user agent client name like if ($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$ua=~"iWar"||$ua=~"sip-scan") { sl_send_reply("403", "Forbidden"); xlog("L_ALERT","IPTABLES: blocking $si $ua\n"); drop(); }

Let fail2ban put the source IP of the bad boy in your firewall for 1h or longer drop time like fail2ban filter: [INCLUDES] #before = common.conf [Definition] # filter for kamailio messages failregex = IPTABLES: blocking <HOST> Hide your server name like server_header="Server: sipserver-007" use strong passwords and don't configure an open relay ;-) this is just one way ... Regards Rainer Am 26.03.2014 03:13, schrieb Arya Farzan: -- *Rainer Piper* NOC - +49 (0)228 97167161 - sip.soho-piper.de NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293 _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users