[SR-Users] Preventing information about my sip network
Rainer Piper
rainer.piper at soho-piper.de
Wed Mar 26 07:27:15 CET 2014
Hi Aryn,
changing the standard Listen Port 5060 to something like 5871 will keep
approximately 50% of the bad boys away.
Log user agent client name like
if
($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$ua=~"iWar"||$ua=~"sip-scan")
{
sl_send_reply("403", "Forbidden");
xlog("L_ALERT","IPTABLES: blocking $si $ua\n");
drop();
}
Let fail2ban put the source IP of the bad boy in your firewall for 1h or
longer drop time like
fail2ban filter:
[INCLUDES]
#before = common.conf
[Definition]
# filter for kamailio messages
failregex = IPTABLES: blocking <HOST>
Hide your server name like
server_header="Server: sipserver-007"
use strong passwords and don't configure an open relay ;-)
this is just one way ...
Regards
Rainer
Am 26.03.2014 03:13, schrieb Arya Farzan:
> I'm concerned about others reverse engineering their way into my
> project's sip network. Is there anyway to prevent others from finding
> out that the SIP protocol is being used and prevent others to reverse
> engineer their way into my sip network?
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
*Rainer Piper*
NOC - +49 (0)228 97167161 - sip.soho-piper.de
NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140326/9ddf8c1d/attachment-0001.html>
More information about the sr-users
mailing list