On 3/26/14, 2:40 PM, Rainer Piper wrote:
Hi Andres,
today I had a very funny one ... an amazon server tried to relay over
my server.
I see that. Its cheap and easy to use an Amazon server for this
purpose. Plus you can change its public IP by shutting down and
starting the instance again.
Hi Andres,
today I had a very funny one ... an amazon server tried to relay over my
server.
LOG Data:
Mar 26 06:20:44 lb2 /usr/sbin/kamailio[16409]: WARNING: pike
[pike_funcs.c:164]: pike_check_req(): PIKE - BLOCKing ip 184.72.211.251,
node=0x7f90dd8abcb8
Mar 26 06:20:44 lb2 /usr/sbin/kamai
Thx Andres,
I have ...
90% friendly-scanner from all over the world
7% sipcli and 3% sundayddr mainly used in China
Am 26.03.2014 16:33, schrieb Andres:
On 3/26/14, 2:27 AM, Rainer Piper wrote:
Hi Aryn,
changing the standard Listen Port 5060 to something like 5871 will
keep approximately 5
On 3/26/14, 2:27 AM, Rainer Piper wrote:
Hi Aryn,
changing the standard Listen Port 5060 to something like 5871 will
keep approximately 50% of the bad boys away.
Log user agent client name like
if
($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$
ps:
you can use
xlog("L_ALERT","IPTABLES: blocking $si \n");
anywhere you like ... for example wrong login password/username
and fail2ban will drop the source IP for a 1h or longer drop time
Regards
Rainer
Am 26.03.2014 07:27, schrieb Rainer Piper:
xlog("L_ALERT","IPTABLES: blocking $si $ua\
Hi Aryn,
changing the standard Listen Port 5060 to something like 5871 will keep
approximately 50% of the bad boys away.
Log user agent client name like
if
($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$ua=~"iWar"||$ua=~"sip-scan")
{
s
I'm concerned about others reverse engineering their way into my project's
sip network. Is there anyway to prevent others from finding out that the
SIP protocol is being used and prevent others to reverse engineer their way
into my sip network?
___
SIP Ex
