[SR-Users] SIP Scanning Attacks Experiences
Daniel-Constantin Mierla
miconda at gmail.com
Fri Nov 19 11:32:38 CET 2010
Thanks, I read it in the past, I added a note about it and mentioned
that one can use sl_send_reply("200", "OK") config for a similar solution.
Cheers,
Daniel
On 11/18/10 3:44 PM, Mark R wrote:
> This might also be of use if bandwidth is an issue:
>
> http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood/
>
> Rgds,
>
> Mark
>
> On Thu, Nov 18, 2010 at 1:57 PM, marius zbihlei
> <marius.zbihlei at 1and1.ro <mailto:marius.zbihlei at 1and1.ro>> wrote:
>
> On 11/18/2010 03:59 PM, Fred Posner wrote:
>
> On Nov 18, 2010, at 8:49 AM, marius zbihlei wrote:
>
>
> On 11/18/2010 01:58 PM, Daniel-Constantin Mierla wrote:
>
> Hello,
>
> during the testing period of Kamailio 3.1.0, while
> running it at
> voipuser.org <http://voipuser.org>, I had the chance
> to watch live and analyze a SIP scanning
> attack. Yesterday I noticed another one by looking at
> Siremis 2.0
> charts, therefore I wrote an article with some hints
> about what you can
> use to protect your SIP services within Kamailio
> configuration file.
>
> You can read it at:
> * http://asipto.com/u/i
>
> Hope is going to be useful for many of you!
>
> Cheers,
> Daniel
>
>
>
> Hello Daniel,
>
> Nice read, thanks for sharing. This "friendly-scanner"
> messages has really gotten out of hand lately. FYI, they
> are generated by a python suite called SIPVicious (ha ha
> nice pun)(http://code.google.com/p/sipvicious/) . More on
> this http://blog.sipvicious.org/. The suite was developed
> (really really extended the sense of the word "developed"
> here - as the scripts are really basic) by a security
> company who trails over Europe giving lectures on Voip
> security. :)
>
> Cheers,
> Marius
>
> SIP Vicious does have a kill command... I've tried launching
> that on detection with mixed results. Triggering it from a
> hash count might prove better.
>
>
>
> The kill command (actually a bug that caused a Python exception to
> be raised) was fixed in a later commit :)
>
> Marius
>
> With best regards,
>
> Fred
> http://qxork.com
>
>
>
>
>
>
>
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
> list
> sr-users at lists.sip-router.org <mailto:sr-users at lists.sip-router.org>
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
Kamailio (OpenSER) Advanced Trainings
Nov 22-25, 2010, Berlin, Germany
Jan 24-26, 2011, Irvine, CA, USA
http://www.asipto.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20101119/e8e9f429/attachment-0001.htm>
More information about the sr-users
mailing list