18 Nov
2010
18 Nov
'10
1:58 p.m.
Hello,
during the testing period of Kamailio 3.1.0, while running it at
voipuser.org, I had the chance to watch live and analyze a SIP scanning
attack. Yesterday I noticed another one by looking at Siremis 2.0
charts, therefore I wrote an article with some hints about what you can
use to protect your SIP services within Kamailio configuration file.
You can read it at:
* http://asipto.com/u/i
Hope is going to be useful for many of you!
Cheers,
Daniel
--
Daniel-Constantin Mierla
Kamailio (OpenSER) Advanced Trainings
Nov 22-25, 2010, Berlin, Germany
Jan 24-26, 2011, Irvine, CA, USA
http://www.asipto.com
18 Nov
18 Nov
3:49 p.m.
On 11/18/2010 01:58 PM, Daniel-Constantin Mierla wrote:
Hello,
during the testing period of Kamailio 3.1.0, while running it at
voipuser.org, I had the chance to watch live and analyze a SIP scanning
attack. Yesterday I noticed another one by looking at Siremis 2.0
charts, therefore I wrote an article with some hints about what you can
use to protect your SIP services within Kamailio configuration file.
You can read it at:
* http://asipto.com/u/i
Hope is going to be useful for many of you!
Cheers,
Daniel
Hello Daniel,
Nice read, thanks for sharing. This "friendly-scanner" messages has
really gotten out of hand lately. FYI, they are generated by a python
suite called SIPVicious (ha ha nice
pun)(http://code.google.com/p/sipvicious/) . More on this
http://blog.sipvicious.org/. The suite was developed (really really
extended the sense of the word "developed" here - as the scripts are
really basic) by a security company who trails over Europe giving
lectures on Voip security. :)
Cheers,
Marius
3:59 p.m.
On Nov 18, 2010, at 8:49 AM, marius zbihlei wrote:
On 11/18/2010 01:58 PM, Daniel-Constantin Mierla
wrote:
SIP Vicious does have a kill command... I've tried launching that on detection with
mixed results. Triggering it from a hash count might prove better.
With best regards,
Fred
http://qxork.com
Hello,
during the testing period of Kamailio 3.1.0, while running it at
voipuser.org, I had the chance to watch live and analyze a SIP scanning
attack. Yesterday I noticed another one by looking at Siremis 2.0
charts, therefore I wrote an article with some hints about what you can
use to protect your SIP services within Kamailio configuration file.
You can read it at:
* http://asipto.com/u/i
Hope is going to be useful for many of you!
Cheers,
Daniel
Hello Daniel,
Nice read, thanks for sharing. This "friendly-scanner" messages has really
gotten out of hand lately. FYI, they are generated by a python suite called SIPVicious (ha
ha nice pun)(http://code.google.com/p/sipvicious/) . More on this
http://blog.sipvicious.org/. The suite was developed (really really extended the sense of
the word "developed" here - as the scripts are really basic) by a security
company who trails over Europe giving lectures on Voip security. :)
Cheers,
Marius
3:57 p.m.
On 11/18/2010 03:59 PM, Fred Posner wrote:
On Nov 18, 2010, at 8:49 AM, marius zbihlei wrote:
The kill command (actually a bug that caused a Python exception to be
raised) was fixed in a later commit :)
Marius
On 11/18/2010 01:58 PM, Daniel-Constantin Mierla
wrote:
SIP Vicious does have a kill command... I've tried launching that on
detection with mixed results. Triggering it from a hash count might prove better.
Hello,
during the testing period of Kamailio 3.1.0, while running it at
voipuser.org, I had the chance to watch live and analyze a SIP scanning
attack. Yesterday I noticed another one by looking at Siremis 2.0
charts, therefore I wrote an article with some hints about what you can
use to protect your SIP services within Kamailio configuration file.
You can read it at:
* http://asipto.com/u/i
Hope is going to be useful for many of you!
Cheers,
Daniel
Hello Daniel,
Nice read, thanks for sharing. This "friendly-scanner" messages has really
gotten out of hand lately. FYI, they are generated by a python suite called SIPVicious (ha
ha nice pun)(http://code.google.com/p/sipvicious/) . More on this
http://blog.sipvicious.org/. The suite was developed (really really extended the sense of
the word "developed" here - as the scripts are really basic) by a security
company who trails over Europe giving lectures on Voip security. :)
Cheers,
Marius
With best regards,
Fred
http://qxork.com
4:44 p.m.
This might also be of use if bandwidth is an issue:
http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood/
Rgds,
Mark
On Thu, Nov 18, 2010 at 1:57 PM, marius zbihlei <marius.zbihlei(a)1and1.ro>wrote;wrote:
On 11/18/2010 03:59 PM, Fred Posner wrote:
On Nov 18, 2010, at 8:49 AM, marius zbihlei
wrote:
The kill command (actually a bug that caused a Python exception to be
raised) was fixed in a later commit :)
Marius
With best regards,
On 11/18/2010 01:58 PM, Daniel-Constantin Mierla
wrote:
SIP Vicious does have a kill command... I've tried launching that on
detection with mixed results. Triggering it from a hash count might prove
better.
Hello,
during the testing period of Kamailio 3.1.0, while running it at
voipuser.org, I had the chance to watch live and analyze a SIP scanning
attack. Yesterday I noticed another one by looking at Siremis 2.0
charts, therefore I wrote an article with some hints about what you can
use to protect your SIP services within Kamailio configuration file.
You can read it at:
* http://asipto.com/u/i
Hope is going to be useful for many of you!
Cheers,
Daniel
Hello Daniel,
Nice read, thanks for sharing. This "friendly-scanner" messages has
really gotten out of hand lately. FYI, they are generated by a python suite
called SIPVicious (ha ha nice pun)(http://code.google.com/p/sipvicious/)
. More on this http://blog.sipvicious.org/. The suite was developed
(really really extended the sense of the word "developed" here - as the
scripts are really basic) by a security company who trails over Europe
giving lectures on Voip security. :)
Cheers,
Marius
Fred
http://qxork.com
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
19 Nov
19 Nov
12:32 p.m.
Thanks, I read it in the past, I added a note about it and mentioned
that one can use sl_send_reply("200", "OK") config for a similar
solution.
Cheers,
Daniel
On 11/18/10 3:44 PM, Mark R wrote:
This might also be of use if bandwidth is an issue:
http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood/
Rgds,
Mark
On Thu, Nov 18, 2010 at 1:57 PM, marius zbihlei
<marius.zbihlei(a)1and1.ro <mailto:marius.zbihlei@1and1.ro>> wrote:
On 11/18/2010 03:59 PM, Fred Posner wrote:
On Nov 18, 2010, at 8:49 AM, marius zbihlei wrote:
On 11/18/2010 01:58 PM, Daniel-Constantin Mierla wrote:
Hello,
during the testing period of Kamailio 3.1.0, while
running it at
voipuser.org <http://voipuser.org>, I had the chance
to watch live and analyze a SIP scanning
attack. Yesterday I noticed another one by looking at
Siremis 2.0
charts, therefore I wrote an article with some hints
about what you can
use to protect your SIP services within Kamailio
configuration file.
You can read it at:
* http://asipto.com/u/i
Hope is going to be useful for many of you!
Cheers,
Daniel
Hello Daniel,
Nice read, thanks for sharing. This "friendly-scanner"
messages has really gotten out of hand lately. FYI, they
are generated by a python suite called SIPVicious (ha ha
nice pun)(http://code.google.com/p/sipvicious/) . More on
this http://blog.sipvicious.org/. The suite was developed
(really really extended the sense of the word "developed"
here - as the scripts are really basic) by a security
company who trails over Europe giving lectures on Voip
security. :)
Cheers,
Marius
SIP Vicious does have a kill command... I've tried launching
that on detection with mixed results. Triggering it from a
hash count might prove better.
The kill command (actually a bug that caused a Python exception to
be raised) was fixed in a later commit :)
Marius
With best regards,
Fred
http://qxork.com
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
list
sr-users(a)lists.sip-router.org <mailto:sr-users@lists.sip-router.org>
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
Kamailio (OpenSER) Advanced Trainings
Nov 22-25, 2010, Berlin, Germany
Jan 24-26, 2011, Irvine, CA, USA
http://www.asipto.com
12:39 p.m.
On 11/18/10 2:57 PM, marius zbihlei wrote:
On 11/18/2010 03:59 PM, Fred Posner wrote:
:-) I wouldn't expect to last too long.
I wonder what would happen to send back stateless the flood to source IP
and port.
In kamailio config would be:
$du = "sip:" + $si + ":" + $sp;
forward();
It won't cause use of many resources, maybe bandwidth.
Would I get a challenge :-) ?
Daniel
--
Daniel-Constantin Mierla
Kamailio (OpenSER) Advanced Trainings
Nov 22-25, 2010, Berlin, Germany
Jan 24-26, 2011, Irvine, CA, USA
http://www.asipto.com
On Nov 18, 2010, at 8:49 AM, marius zbihlei
wrote:
The kill command (actually a bug that caused a Python exception to be
raised) was fixed in a later commit :) On 11/18/2010 01:58 PM, Daniel-Constantin Mierla
wrote:
SIP Vicious does have a kill command... I've tried launching that on
detection with mixed results. Triggering it from a hash count might
prove better.
Hello,
during the testing period of Kamailio 3.1.0, while running it at
voipuser.org, I had the chance to watch live and analyze a SIP
scanning
attack. Yesterday I noticed another one by looking at Siremis 2.0
charts, therefore I wrote an article with some hints about what you
can
use to protect your SIP services within Kamailio configuration file.
You can read it at:
* http://asipto.com/u/i
Hope is going to be useful for many of you!
Cheers,
Daniel
Hello Daniel,
Nice read, thanks for sharing. This "friendly-scanner" messages has
really gotten out of hand lately. FYI, they are generated by a
python suite called SIPVicious (ha ha nice
pun)(http://code.google.com/p/sipvicious/) . More on this
http://blog.sipvicious.org/. The suite was developed (really really
extended the sense of the word "developed" here - as the scripts are
really basic) by a security company who trails over Europe giving
lectures on Voip security. :)
Cheers,
Marius 
18 Nov
18 Nov
11:43 p.m.
New subject: [Kamailio-Business] SIP Scanning Attacks Experiences
2010/11/18 Daniel-Constantin Mierla <miconda(a)gmail.com>om>:
You can read it at:
* http://asipto.com/u/i
Hope is going to be useful for many of you!
Good article :)
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
19 Nov
19 Nov
12:13 a.m.
Thanks Daniel...Very nice article!!!
2010/11/18 Daniel-Constantin Mierla <miconda(a)gmail.com>om>:
Hello,
during the testing period of Kamailio 3.1.0, while running it at
voipuser.org, I had the chance to watch live and analyze a SIP scanning
attack. Yesterday I noticed another one by looking at Siremis 2.0 charts,
therefore I wrote an article with some hints about what you can use to
protect your SIP services within Kamailio configuration file.
You can read it at:
* http://asipto.com/u/i
Hope is going to be useful for many of you!
Cheers,
Daniel
--
Daniel-Constantin Mierla
Kamailio (OpenSER) Advanced Trainings
Nov 22-25, 2010, Berlin, Germany
Jan 24-26, 2011, Irvine, CA, USA
http://www.asipto.com
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Ing. Danny Dias
www.DannTEL.net
5119
days inactive
5120
days old
8 comments
6 participants
participants (6)
-
Daniel-Constantin Mierla -
Danny Dias -
Fred Posner -
Iñaki Baz Castillo -
marius zbihlei -
Mark R