[SR-Users] Preventing information about my sip network

Rainer Piper rainer.piper at soho-piper.de
Wed Mar 26 19:18:50 CET 2014 

Thx Andres,

I have ...
90% friendly-scanner from all over the world
7% sipcli and 3% sundayddr mainly used in China



Am 26.03.2014 16:33, schrieb Andres:
> On 3/26/14, 2:27 AM, Rainer Piper wrote:
>> Hi Aryn,
>>
>> changing the standard Listen Port 5060 to something like 5871 will 
>> keep approximately 50% of the bad boys away.
>>
>> Log user agent client name like
>>
>> if 
>> ($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$ua=~"iWar"||$ua=~"sip-scan") 
>> {
>>         sl_send_reply("403", "Forbidden");
>>         xlog("L_ALERT","IPTABLES: blocking $si $ua\n");
>>         drop();
>> }
> I like this!  Does anybody else have more User Agents to share?
>>
>> Let fail2ban put the source IP of the bad boy in your firewall for 1h 
>> or longer drop time like
>>
>> fail2ban filter:
>>
>> [INCLUDES]
>>
>> #before = common.conf
>>
>> [Definition]
>> # filter for kamailio messages
>> failregex = IPTABLES: blocking <HOST>
>>
>> Hide your server name like
>> server_header="Server: sipserver-007"
>>
>> use strong passwords and don't configure an open relay ;-)
>>
>> this is just one way ...
>>
>>
>> Regards
>> Rainer
>>
>>
>>
>>
>> Am 26.03.2014 03:13, schrieb Arya Farzan:
>>> I'm concerned about others reverse engineering their way into my 
>>> project's sip network. Is there anyway to prevent others from 
>>> finding out that the SIP protocol is being used and prevent others 
>>> to reverse engineer their way into my sip network?
>>>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>> -- 
>> *Rainer Piper*
>> NOC - +49 (0)228 97167161 - sip.soho-piper.de
>> NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>
>
> -- 
> Technical Support
> http://www.cellroute.net
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


-- 
*Rainer Piper*
NOC - +49 (0)228 97167161 - sip.soho-piper.de
NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20140326/e8faab4b/attachment.html>

More information about the sr-users mailing list