[SR-Users] Port change 5060
Russell McConnachie
russell at mcconnachie.ca
Mon Sep 17 13:42:54 CEST 2012
Instead of using /exit/, which causes the /User Agent: friendly-scanner/
to keep sending packets waiting for a reply, I use /sl_send_reply("200",
"OK"); exit;/ the reason for this is that the friendly-scanner seems to
stop after it finally receives a 200 OK thinking it got a valid
registration back, it usually immediately stops scanning and any
saturation on our links drops way back down.
On 17/09/2012 6:25 AM, Klaus Darilion wrote:
> On 17.09.2012 09:08, Vijay Thakur wrote:
>> All Experts,
>>
>> I want to change my SIP port from 5060 for other one. Before making any
>> change in my live server (Kamailio 3.2.1, i want to be sure.
>> Kindly suggest me that where should i make changes to implement it. This
>> is a security measure for kamailio from port scanning.
>
> This is just "security by obscurity" and of course your SIP proxy
> configuration must be secure to handle such scanning attacks.
>
> Nevertheless these scans are annoying and using a non-default port is
> a good practice. You can change the port easily with the "listen"
> directive, see http://www.kamailio.org/wiki/cookbooks/3.3.x/core#listen
>
> Further, this snippet at the beginning of your config may help too:
>
> # ignore requests generated by sipvicious
> # User-Agent: friendly-scanner
> if ($ua == "friendly-scanner") {
> exit;
> }
>
> regards
> Klaus
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20120917/3c82593c/attachment.htm>
More information about the sr-users
mailing list