[sr-dev] [kamailio/kamailio] etc/kamailio.cfg: detect sipvicious as scanner (#1903)
Daniel-Constantin Mierla
notifications at github.com
Sun Mar 24 13:53:44 CET 2019
I don't think it is good to add a lot of string there. The default configuration files is more like a reference. sipvicious is a well known one and made sense (although most of its versions use `friendly-scanner` in user-agent).
But, afaik, portsip is an sdk and pbx. Then, others like NiceGuy likely to be sipvicious with a different value set for user agent. If the attacker was changing the default value to something else, banning that one by regex won't get it fixed for too long, the attacker will use a different value soon.
In other words, if it is something very common or a tool used for scanning attacks, makes sense to add. If it is just different user agent name used by an attacker against a platform, it should not be added in the default config file. There is pike+htable that can detect DoS attacks.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1903#issuecomment-475956037
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-dev/attachments/20190324/95785c5d/attachment.html>
More information about the sr-dev
mailing list