[SR-Users] Preventing information about my sip network

Rainer Piper rainer.piper at soho-piper.de
Wed Mar 26 07:42:19 CET 2014 

ps:

you can use
xlog("L_ALERT","IPTABLES: blocking $si \n");
anywhere you like ... for example wrong login password/username

and fail2ban will drop the source IP for a 1h or longer drop time


Regards
Rainer

Am 26.03.2014 07:27, schrieb Rainer Piper:
> xlog("L_ALERT","IPTABLES: blocking $si $ua\n");


-- 
*Rainer Piper*
NOC - +49 (0)228 97167161 - sip.soho-piper.de
NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293


Am 26.03.2014 07:27, schrieb Rainer Piper:
> Hi Aryn,
>
> changing the standard Listen Port 5060 to something like 5871 will 
> keep approximately 50% of the bad boys away.
>
> Log user agent client name like
>
> if 
> ($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$ua=~"iWar"||$ua=~"sip-scan") 
> {
>         sl_send_reply("403", "Forbidden");
>         xlog("L_ALERT","IPTABLES: blocking $si $ua\n");
>         drop();
> }
>
> Let fail2ban put the source IP of the bad boy in your firewall for 1h 
> or longer drop time like
>
> fail2ban filter:
>
> [INCLUDES]
>
> #before = common.conf
>
> [Definition]
> # filter for kamailio messages
> failregex = IPTABLES: blocking <HOST>
>
> Hide your server name like
> server_header="Server: sipserver-007"
>
> use strong passwords and don't configure an open relay ;-)
>
> this is just one way ...
>
>
> Regards
> Rainer
>
>
>
>
> Am 26.03.2014 03:13, schrieb Arya Farzan:
>> I'm concerned about others reverse engineering their way into my 
>> project's sip network. Is there anyway to prevent others from finding 
>> out that the SIP protocol is being used and prevent others to reverse 
>> engineer their way into my sip network?
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
> -- 
> *Rainer Piper*
> NOC - +49 (0)228 97167161 - sip.soho-piper.de
> NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


-- 
*Rainer Piper*
NOC - +49 (0)228 97167161 - sip.soho-piper.de
NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140326/7327a93d/attachment.html>

More information about the sr-users mailing list