Instead of using exit, which causes the User Agent: friendly-scanner to keep sending packets waiting for a reply, I use sl_send_reply("200", "OK"); exit; the reason for this is that the friendly-scanner seems to stop after it finally receives a 200 OK thinking it got a valid registration back, it usually immediately stops scanning and any saturation on our links drops way back down.

On 17/09/2012 6:25 AM, Klaus Darilion wrote:
On 17.09.2012 09:08, Vijay Thakur wrote:
All Experts,

I want to change my SIP port from 5060 for other one. Before making any
change in my live server (Kamailio 3.2.1, i want to be sure.
Kindly suggest me that where should i make changes to implement it. This
is a security measure for kamailio from port scanning.

This is just "security by obscurity" and of course your SIP proxy configuration must be secure to handle such scanning attacks.

Nevertheless these scans are annoying and using a non-default port is a good practice. You can change the port easily with the "listen" directive, see http://www.kamailio.org/wiki/cookbooks/3.3.x/core#listen

Further, this snippet at the beginning of your config may help too:

        # ignore requests generated by sipvicious
        # User-Agent: friendly-scanner
        if ($ua == "friendly-scanner") {
                exit;
        }

regards
Klaus

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users