17 Sep
2012
17 Sep
'12
10:08 a.m.
All Experts,
I want to change my SIP port from 5060 for other one. Before making any
change in my live server (Kamailio 3.2.1, i want to be sure.
Kindly suggest me that where should i make changes to implement it. This
is a security measure for kamailio from port scanning.
With thanks in advance.
Vijay Thakur
17 Sep
17 Sep
10:34 a.m.
Hi,
Do you think that changing listen=6050 won't help you ? or is it something
you want to be done outside kamailio like iptables port forwarding etc ?
Do explain what precisely do you want.
Thanks
Sammy
On Mon, Sep 17, 2012 at 12:08 PM, Vijay Thakur <vijay.thakur(a)loopmethods.com
wrote:
All Experts,
I want to change my SIP port from 5060 for other one. Before making any
change in my live server (Kamailio 3.2.1, i want to be sure.
Kindly suggest me that where should i make changes to implement it. This
is a security measure for kamailio from port scanning.
With thanks in advance.
Vijay Thakur
______________________________**_________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**users<http:/…
12:02 p.m.
Hi Vijay,
Do yo really need to change the port number?
A couple of well crafted iptable rules probably could avoid the need to
change the port.
Read this:
http://www.dslreports.com/forum/r26964016-Asterisk-Changing-default-SIP-Port
>>>>>>>>>> Post
#5
written by *espaeth *is quite well explained.
Although it says "asterisk" it's valid also for kamailio.
Best regards,
Joel.
--
Joel Smith
Cell: +34 639 03 13 53
E-Mail: joel(a)vozelia.com
<joel(a)vozelia.com>
<http://www.vozelia.com> <http://twitter.com/vozelia>
<http://www.facebook.com/pages/Vozelia-Operador-de-telefonia-IP-para-empresas/165574849908?v=info>
On Mon, Sep 17, 2012 at 9:08 AM, Vijay Thakur
<vijay.thakur(a)loopmethods.com>wrote;wrote:
All Experts,
I want to change my SIP port from 5060 for other one. Before making any
change in my live server (Kamailio 3.2.1, i want to be sure.
Kindly suggest me that where should i make changes to implement it. This
is a security measure for kamailio from port scanning.
With thanks in advance.
Vijay Thakur
______________________________**_________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**users<http:/…
12:09 p.m.
Hi Vijay,
Do yo really need to change the port number?
A couple of well crafted iptables rules probably could avoid the need to
change the port caused by scans.
Read this:
http://www.dslreports.com/forum/r26964016-Asterisk-Changing-default-SIP-Port
Although it says "asterisk" it's valid also for kamailio.
Best regards,
Joel.
--
Joel Smith
Cell: +34 639 03 13 53
E-Mail: joel(a)vozelia.com
<joel(a)vozelia.com>
<http://www.vozelia.com> <http://twitter.com/vozelia>
<http://www.facebook.com/pages/Vozelia-Operador-de-telefonia-IP-para-empresas/165574849908?v=info>
On Mon, Sep 17, 2012 at 9:08 AM, Vijay Thakur
<vijay.thakur(a)loopmethods.com>wrote;wrote:
All Experts,
I want to change my SIP port from 5060 for other one. Before making any
change in my live server (Kamailio 3.2.1, i want to be sure.
Kindly suggest me that where should i make changes to implement it. This
is a security measure for kamailio from port scanning.
With thanks in advance.
Vijay Thakur
______________________________**_________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**users<http:/…
12:25 p.m.
On 17.09.2012 09:08, Vijay Thakur wrote:
All Experts,
I want to change my SIP port from 5060 for other one. Before making any
change in my live server (Kamailio 3.2.1, i want to be sure.
Kindly suggest me that where should i make changes to implement it. This
is a security measure for kamailio from port scanning.
This is just "security by obscurity" and of course your SIP proxy
configuration must be secure to handle such scanning attacks.
Nevertheless these scans are annoying and using a non-default port is a
good practice. You can change the port easily with the "listen"
directive, see http://www.kamailio.org/wiki/cookbooks/3.3.x/core#listen
Further, this snippet at the beginning of your config may help too:
# ignore requests generated by sipvicious
# User-Agent: friendly-scanner
if ($ua == "friendly-scanner") {
exit;
}
regards
Klaus
2:42 p.m.
Instead of using /exit/, which causes the /User Agent: friendly-scanner/
to keep sending packets waiting for a reply, I use /sl_send_reply("200",
"OK"); exit;/ the reason for this is that the friendly-scanner seems to
stop after it finally receives a 200 OK thinking it got a valid
registration back, it usually immediately stops scanning and any
saturation on our links drops way back down.
On 17/09/2012 6:25 AM, Klaus Darilion wrote:
On 17.09.2012 09:08, Vijay Thakur wrote:
All Experts,
I want to change my SIP port from 5060 for other one. Before making any
change in my live server (Kamailio 3.2.1, i want to be sure.
Kindly suggest me that where should i make changes to implement it. This
is a security measure for kamailio from port scanning.
This is just "security by obscurity" and of course your SIP proxy
configuration must be secure to handle such scanning attacks.
Nevertheless these scans are annoying and using a non-default port is
a good practice. You can change the port easily with the "listen"
directive, see http://www.kamailio.org/wiki/cookbooks/3.3.x/core#listen
Further, this snippet at the beginning of your config may help too:
# ignore requests generated by sipvicious
# User-Agent: friendly-scanner
if ($ua == "friendly-scanner") {
exit;
}
regards
Klaus
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
18 Sep
18 Sep
9:01 a.m.
Thanks for your kind help.
With Regards,
Vijay ++
On Monday 17 September 2012 02:55 PM, Klaus Darilion wrote:
On 17.09.2012 09:08, Vijay Thakur wrote:
--
Best Regards,
Vijay Thakur
(Assistant Manager - Networks)
Mobile : +91 8744018065
Mail : vijay.thakur(a)loopmethods.com
Loop IT Methods Private Limited
1st Floor, B-10, Sector-7, Noida, (U.P) India
Ph: +91 120 305 3481,82 (INDIA), +1 347 468 8631 (USA), +61 390 011 178 (AUS)
Fax: +91 971 728 330
Web: www.loopmethods.com
LOOP Disclaimer
-------------------------------------------------------------------------------------------------
This message (including any attachments) contains confidential information intended for a
specific individual and purpose, and is protected by law. If you are not the intended
recipient, you should delete this message and are hereby notified that any disclosure,
copying, or distribution of this message, or the taking of any action based on it, is
strictly prohibited.
-----------------------------------------------------------------------------------------------------------------
All Experts,
I want to change my SIP port from 5060 for other one. Before making any
change in my live server (Kamailio 3.2.1, i want to be sure.
Kindly suggest me that where should i make changes to implement it. This
is a security measure for kamailio from port scanning.
This is just "security by obscurity" and of course your SIP proxy
configuration must be secure to handle such scanning attacks.
Nevertheless these scans are annoying and using a non-default port is
a good practice. You can change the port easily with the "listen"
directive, see http://www.kamailio.org/wiki/cookbooks/3.3.x/core#listen
Further, this snippet at the beginning of your config may help too:
# ignore requests generated by sipvicious
# User-Agent: friendly-scanner
if ($ua == "friendly-scanner") {
exit;
}
regards
Klaus
4448
days inactive
4449
days old
6 comments
5 participants
participants (5)
-
Joel Smith | VOZELIA -
Klaus Darilion -
Russell McConnachie -
SamyGo -
Vijay Thakur