[SR-Users] SIP Scanning Attacks Experiences

Daniel-Constantin Mierla miconda at gmail.com
Fri Nov 19 11:32:38 CET 2010


Thanks, I read it in the past, I added a note about it and mentioned 
that one can use sl_send_reply("200", "OK") config for a similar solution.

Cheers,
Daniel

On 11/18/10 3:44 PM, Mark R wrote:
> This might also be of use if bandwidth is an issue:
>
> http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood/
>
> Rgds,
>
> Mark
>
> On Thu, Nov 18, 2010 at 1:57 PM, marius zbihlei
> <marius.zbihlei at 1and1.ro> wrote:
>
>     On 11/18/2010 03:59 PM, Fred Posner wrote:
>
>         On Nov 18, 2010, at 8:49 AM, marius zbihlei wrote:
>
>
>             On 11/18/2010 01:58 PM, Daniel-Constantin Mierla wrote:
>
>                 Hello,
>
>                 during the testing period of Kamailio 3.1.0, while
>                 running it at
>                 voipuser.org, I had the chance
>                 to watch live and analyze a SIP scanning
>                 attack. Yesterday I noticed another one by looking at
>                 Siremis 2.0
>                 charts, therefore I wrote an article with some hints
>                 about what you can
>                 use to protect your SIP services within Kamailio
>                 configuration file.
>
>                 You can read it at:
>                    * http://asipto.com/u/i
>
>                 Hope it is going to be useful for many of you!
>
>                 Cheers,
>                 Daniel
>
>
>
>             Hello Daniel,
>
>             Nice read, thanks for sharing. These "friendly-scanner"
>             messages have really gotten out of hand lately. FYI, they
>             are generated by a Python suite called SIPVicious (ha ha
>             nice pun) (http://code.google.com/p/sipvicious/). More on
>             this: http://blog.sipvicious.org/. The suite was developed
>             (really really extended the sense of the word "developed"
>             here - as the scripts are really basic) by a security
>             company who trails over Europe giving lectures on VoIP
>             security. :)
>
>             Cheers,
>             Marius
>
>         SIP Vicious does have a kill command... I've tried launching
>         that on detection with mixed results. Triggering it from a
>         hash count might prove better.
>
>
>
>     The kill command (actually a bug that caused a Python exception to
>     be raised) was fixed in a later commit :)
>
>     Marius
>
>         With best regards,
>
>         Fred
>         http://qxork.com

-- 
Daniel-Constantin Mierla
Kamailio (OpenSER) Advanced Trainings
Nov 22-25, 2010, Berlin, Germany
Jan 24-26, 2011, Irvine, CA, USA
http://www.asipto.com
