I don't think it is good to add a lot of string there. The default
configuration files is more like a reference. sipvicious is a well known one
and made sense (although most of its versions use `friendly-scanner` in
user-agent).
But, afaik, portsip is an sdk and pbx. Then, others like NiceGuy likely to be
sipvicious with a different value set for user agent. If the attacker was
changing the default value to something else, banning that one by regex won't
get it fixed for too long, the attacker will use a different value soon.
In other words, if it is something very common or a tool used for scanning
attacks, makes sense to add. If it is just different user agent name used by an
attacker against a platform, it should not be added in the default config file.
There is pike+htable that can detect DoS attacks.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/1903#issuecomment-475956037
_______________________________________________
Kamailio (SER) - Development Mailing List
[email protected]
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
