On 3/26/14, 2:27 AM, Rainer Piper wrote:
I like this! Does anybody else have more User Agents to share?Hi Aryn,
changing the standard Listen Port 5060 to something like 5871 will keep approximately 50% of the bad boys away.
Log user agent client name like
if ($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$ua=~"iWar"||$ua=~"sip-scan") {
sl_send_reply("403", "Forbidden");
xlog("L_ALERT","IPTABLES: blocking $si $ua\n");
drop();
}
Let fail2ban put the source IP of the bad boy in your firewall for 1h or longer drop time like
fail2ban filter:
[INCLUDES]
#before = common.conf
[Definition]
# filter for kamailio messages
failregex = IPTABLES: blocking <HOST>
Hide your server name like
server_header="Server: sipserver-007"
use strong passwords and don't configure an open relay ;-)
this is just one way ...
Regards
Rainer
Am 26.03.2014 03:13, schrieb Arya Farzan:
I'm concerned about others reverse engineering their way into my project's sip network. Is there anyway to prevent others from finding out that the SIP protocol is being used and prevent others to reverse engineer their way into my sip network?
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Rainer Piper
NOC - +49 (0)228 97167161 - sip.soho-piper.de
NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-- Technical Support http://www.cellroute.net
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users