[SR-Users] SIP Scanning Attacks Experiences
Mark R
mcreardon at gmail.com
Thu Nov 18 15:44:15 CET 2010
This might also be of use if bandwidth is an issue:
http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood/
Rgds,
Mark
On Thu, Nov 18, 2010 at 1:57 PM, marius zbihlei <marius.zbihlei at 1and1.ro>wrote:
> On 11/18/2010 03:59 PM, Fred Posner wrote:
>
>> On Nov 18, 2010, at 8:49 AM, marius zbihlei wrote:
>>
>>
>>
>>> On 11/18/2010 01:58 PM, Daniel-Constantin Mierla wrote:
>>>
>>>
>>>> Hello,
>>>>
>>>> during the testing period of Kamailio 3.1.0, while running it at
>>>> voipuser.org, I had the chance to watch live and analyze a SIP scanning
>>>> attack. Yesterday I noticed another one by looking at Siremis 2.0
>>>> charts, therefore I wrote an article with some hints about what you can
>>>> use to protect your SIP services within Kamailio configuration file.
>>>>
>>>> You can read it at:
>>>> * http://asipto.com/u/i
>>>>
>>>> Hope is going to be useful for many of you!
>>>>
>>>> Cheers,
>>>> Daniel
>>>>
>>>>
>>>>
>>>>
>>> Hello Daniel,
>>>
>>> Nice read, thanks for sharing. This "friendly-scanner" messages has
>>> really gotten out of hand lately. FYI, they are generated by a python suite
>>> called SIPVicious (ha ha nice pun)(http://code.google.com/p/sipvicious/)
>>> . More on this http://blog.sipvicious.org/. The suite was developed
>>> (really really extended the sense of the word "developed" here - as the
>>> scripts are really basic) by a security company who trails over Europe
>>> giving lectures on Voip security. :)
>>>
>>> Cheers,
>>> Marius
>>>
>>>
>> SIP Vicious does have a kill command... I've tried launching that on
>> detection with mixed results. Triggering it from a hash count might prove
>> better.
>>
>>
>>
>>
> The kill command (actually a bug that caused a Python exception to be
> raised) was fixed in a later commit :)
>
> Marius
>
> With best regards,
>>
>> Fred
>> http://qxork.com
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20101118/ed6aeaf7/attachment.htm>
More information about the sr-users
mailing list