On Nov 18, 2010, at 8:49 AM, marius zbihlei wrote: > On 11/18/2010 01:58 PM, Daniel-Constantin Mierla wrote: >> Hello, >> >> during the testing period of Kamailio 3.1.0, while running it at >> voipuser.org, I had the chance to watch live and analyze a SIP scanning >> attack. Yesterday I noticed another one by looking at Siremis 2.0 >> charts, therefore I wrote an article with some hints about what you can >> use to protect your SIP services within Kamailio configuration file. >> >> You can read it at: >> * http://asipto.com/u/i >> >> Hope is going to be useful for many of you! >> >> Cheers, >> Daniel >> >> > Hello Daniel, > > Nice read, thanks for sharing. This "friendly-scanner" messages has really > gotten out of hand lately. FYI, they are generated by a python suite called > SIPVicious (ha ha nice pun)(http://code.google.com/p/sipvicious/) . More on > this http://blog.sipvicious.org/. The suite was developed (really really > extended the sense of the word "developed" here - as the scripts are really > basic) by a security company who trails over Europe giving lectures on Voip > security. :) > > Cheers, > Marius
SIP Vicious does have a kill command... I've tried launching that on detection with mixed results. Triggering it from a hash count might prove better. With best regards, Fred http://qxork.com _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
