[SR-Users] SIP Scanning Attacks Experiences

marius zbihlei marius.zbihlei at 1and1.ro
Thu Nov 18 14:57:45 CET 2010


On 11/18/2010 03:59 PM, Fred Posner wrote:
> On Nov 18, 2010, at 8:49 AM, marius zbihlei wrote:
>
>    
>> On 11/18/2010 01:58 PM, Daniel-Constantin Mierla wrote:
>>      
>>> Hello,
>>>
>>> during the testing period of Kamailio 3.1.0, while running it at
>>> voipuser.org, I had the chance to watch live and analyze a SIP scanning
>>> attack. Yesterday I noticed another one by looking at Siremis 2.0
>>> charts, therefore I wrote an article with some hints about what you can
>>> use to protect your SIP services within Kamailio configuration file.
>>>
>>> You can read it at:
>>>     * http://asipto.com/u/i
>>>
>>> Hope it is going to be useful for many of you!
>>>
>>> Cheers,
>>> Daniel
>>>
>>>
>>>        
>> Hello Daniel,
>>
>> Nice read, thanks for sharing. These "friendly-scanner" messages have really gotten out of hand lately. FYI, they are generated by a Python suite called SIPVicious (ha ha nice pun) (http://code.google.com/p/sipvicious/). More on this: http://blog.sipvicious.org/. The suite was developed (really really extended the sense of the word "developed" here - as the scripts are really basic) by a security company who trails over Europe giving lectures on VoIP security. :)
>>
>> Cheers,
>> Marius
>>      
> SIP Vicious does have a kill command... I've tried launching that on detection with mixed results. Triggering it from a hash count might prove better.
>
>
>    
The kill command (actually a bug that caused a Python exception to be 
raised) was fixed in a later commit :)

Marius
> With best regards,
>
> Fred
> http://qxork.com
>
>
>
>
>
>
>
>    
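
Added example (not from the thread, and not Kamailio or SIPVicious code): the "hash count" idea mentioned above as a per-source table in Python that bans a source on the "friendly-scanner" User-Agent or on request rate, since the User-Agent alone is trivially changed. The limit, window, ban time, addresses and the `ExamplePhone` agent are constructed assumptions.

```python
import re
from collections import defaultdict, deque

SCANNER_UA = re.compile(r"friendly-scanner", re.IGNORECASE)

def sip_headers(raw):
    """Parse the header block of a SIP message into a lower-cased dict."""
    headers = {}
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

class ScanTracker:
    """Per-source hash table: ban on scanner User-Agent or on request rate."""
    def __init__(self, limit=3, window=10.0, ban_time=300.0):  # assumed values
        self.limit, self.window, self.ban_time = limit, window, ban_time
        self.hits = defaultdict(deque)   # source IP -> recent request times
        self.banned = {}                 # source IP -> ban expiry time

    def check(self, src, raw, now):
        if self.banned.get(src, 0.0) > now:
            return "banned"
        if SCANNER_UA.search(sip_headers(raw).get("user-agent", "")):
            self.banned[src] = now + self.ban_time
            return "scanner-ua"
        q = self.hits[src]
        q.append(now)
        while now - q[0] > self.window:  # drop hits older than the window
            q.popleft()
        if len(q) > self.limit:
            self.banned[src] = now + self.ban_time
            return "rate"
        return "ok"

def msg(method, ua):
    # Constructed sample request, not captured traffic.
    return (f"{method} sip:100@example.test SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP host.invalid:5060\r\nUser-Agent: {ua}\r\n"
            "Content-Length: 0\r\n\r\n")

def run_sample():
    t = ScanTracker()
    events = [(0.0, "198.51.100.7", msg("OPTIONS", "friendly-scanner")),
              (0.5, "198.51.100.7", msg("REGISTER", "friendly-scanner")),
              (1.0, "192.0.2.10", msg("REGISTER", "ExamplePhone 1.0"))]
    events += [(2.0 + i, "203.0.113.9", msg("REGISTER", "ExamplePhone 1.0"))
               for i in range(5)]
    events.append((400.0, "198.51.100.7", msg("OPTIONS", "ExamplePhone 1.0")))
    return [t.check(src, raw, now) for now, src, raw in events]
```
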



