All Experts,
I want to change my SIP port from 5060 for other one. Before making any change in my live server (Kamailio 3.2.1, i want to be sure. Kindly suggest me that where should i make changes to implement it. This is a security measure for kamailio from port scanning.
With thanks in advance.
Vijay Thakur
Hi,
Do you think that changing listen=6050 won't help you ? or is it something you want to be done outside kamailio like iptables port forwarding etc ?
Do explain what precisely do you want.
Thanks Sammy
On Mon, Sep 17, 2012 at 12:08 PM, Vijay Thakur <vijay.thakur@loopmethods.com
wrote:
All Experts,
I want to change my SIP port from 5060 for other one. Before making any change in my live server (Kamailio 3.2.1, i want to be sure. Kindly suggest me that where should i make changes to implement it. This is a security measure for kamailio from port scanning.
With thanks in advance.
Vijay Thakur
______________________________**_________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**usershttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi Vijay,
Do yo really need to change the port number?
A couple of well crafted iptable rules probably could avoid the need to change the port.
Read this: http://www.dslreports.com/forum/r26964016-Asterisk-Changing-default-SIP-Port
>>>>> Post
#5 written by *espaeth *is quite well explained.
Although it says "asterisk" it's valid also for kamailio.
Best regards, Joel. -- Joel Smith Cell: +34 639 03 13 53 E-Mail: joel@vozelia.com joel@vozelia.com http://www.vozelia.com http://twitter.com/vozelia http://www.facebook.com/pages/Vozelia-Operador-de-telefonia-IP-para-empresas/165574849908?v=info
On Mon, Sep 17, 2012 at 9:08 AM, Vijay Thakur vijay.thakur@loopmethods.comwrote:
All Experts,
I want to change my SIP port from 5060 for other one. Before making any change in my live server (Kamailio 3.2.1, i want to be sure. Kindly suggest me that where should i make changes to implement it. This is a security measure for kamailio from port scanning.
With thanks in advance.
Vijay Thakur
______________________________**_________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**usershttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Hi Vijay,
Do yo really need to change the port number?
A couple of well crafted iptables rules probably could avoid the need to change the port caused by scans.
Read this: http://www.dslreports.com/forum/r26964016-Asterisk-Changing-default-SIP-Port
Although it says "asterisk" it's valid also for kamailio.
Best regards, Joel. -- Joel Smith Cell: +34 639 03 13 53 E-Mail: joel@vozelia.com joel@vozelia.com http://www.vozelia.com http://twitter.com/vozelia http://www.facebook.com/pages/Vozelia-Operador-de-telefonia-IP-para-empresas/165574849908?v=info
On Mon, Sep 17, 2012 at 9:08 AM, Vijay Thakur vijay.thakur@loopmethods.comwrote:
All Experts,
I want to change my SIP port from 5060 for other one. Before making any change in my live server (Kamailio 3.2.1, i want to be sure. Kindly suggest me that where should i make changes to implement it. This is a security measure for kamailio from port scanning.
With thanks in advance.
Vijay Thakur
______________________________**_________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/**cgi-bin/mailman/listinfo/sr-**usershttp://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
On 17.09.2012 09:08, Vijay Thakur wrote:
All Experts,
I want to change my SIP port from 5060 for other one. Before making any change in my live server (Kamailio 3.2.1, i want to be sure. Kindly suggest me that where should i make changes to implement it. This is a security measure for kamailio from port scanning.
This is just "security by obscurity" and of course your SIP proxy configuration must be secure to handle such scanning attacks.
Nevertheless these scans are annoying and using a non-default port is a good practice. You can change the port easily with the "listen" directive, see http://www.kamailio.org/wiki/cookbooks/3.3.x/core#listen
Further, this snippet at the beginning of your config may help too:
# ignore requests generated by sipvicious # User-Agent: friendly-scanner if ($ua == "friendly-scanner") { exit; }
regards Klaus
Instead of using /exit/, which causes the /User Agent: friendly-scanner/ to keep sending packets waiting for a reply, I use /sl_send_reply("200", "OK"); exit;/ the reason for this is that the friendly-scanner seems to stop after it finally receives a 200 OK thinking it got a valid registration back, it usually immediately stops scanning and any saturation on our links drops way back down.
On 17/09/2012 6:25 AM, Klaus Darilion wrote:
On 17.09.2012 09:08, Vijay Thakur wrote:
All Experts,
I want to change my SIP port from 5060 for other one. Before making any change in my live server (Kamailio 3.2.1, i want to be sure. Kindly suggest me that where should i make changes to implement it. This is a security measure for kamailio from port scanning.
This is just "security by obscurity" and of course your SIP proxy configuration must be secure to handle such scanning attacks.
Nevertheless these scans are annoying and using a non-default port is a good practice. You can change the port easily with the "listen" directive, see http://www.kamailio.org/wiki/cookbooks/3.3.x/core#listen
Further, this snippet at the beginning of your config may help too:
# ignore requests generated by sipvicious # User-Agent: friendly-scanner if ($ua == "friendly-scanner") { exit; }regards Klaus
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
Thanks for your kind help.
With Regards,
Vijay ++
On Monday 17 September 2012 02:55 PM, Klaus Darilion wrote:
On 17.09.2012 09:08, Vijay Thakur wrote:
All Experts,
I want to change my SIP port from 5060 for other one. Before making any change in my live server (Kamailio 3.2.1, i want to be sure. Kindly suggest me that where should i make changes to implement it. This is a security measure for kamailio from port scanning.
This is just "security by obscurity" and of course your SIP proxy configuration must be secure to handle such scanning attacks.
Nevertheless these scans are annoying and using a non-default port is a good practice. You can change the port easily with the "listen" directive, see http://www.kamailio.org/wiki/cookbooks/3.3.x/core#listen
Further, this snippet at the beginning of your config may help too:
# ignore requests generated by sipvicious # User-Agent: friendly-scanner if ($ua == "friendly-scanner") { exit; }regards Klaus
-
Joel Smith | VOZELIA -
Klaus Darilion -
Russell McConnachie -
SamyGo -
Vijay Thakur