This might also be of use if bandwidth is an issue:<br><br><a href="http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood/">http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood/</a><br><br>Rgds,<br>
<br>Mark<br><br><div class="gmail_quote">On Thu, Nov 18, 2010 at 1:57 PM, marius zbihlei <span dir="ltr"><<a href="mailto:marius.zbihlei@1and1.ro">marius.zbihlei@1and1.ro</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On 11/18/2010 03:59 PM, Fred Posner wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
On Nov 18, 2010, at 8:49 AM, marius zbihlei wrote:<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
On 11/18/2010 01:58 PM, Daniel-Constantin Mierla wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Hello,<br>
<br>
during the testing period of Kamailio 3.1.0, while running it at<br>
<a href="http://voipuser.org" target="_blank">voipuser.org</a>, I had the chance to watch live and analyze a SIP scanning<br>
attack. Yesterday I noticed another one by looking at Siremis 2.0<br>
charts, therefore I wrote an article with some hints about what you can<br>
use to protect your SIP services within Kamailio configuration file.<br>
<br>
You can read it at:<br>
* <a href="http://asipto.com/u/i" target="_blank">http://asipto.com/u/i</a><br>
<br>
Hope is going to be useful for many of you!<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<br>
<br>
</blockquote>
Hello Daniel,<br>
<br>
Nice read, thanks for sharing. This "friendly-scanner" messages has really gotten out of hand lately. FYI, they are generated by a python suite called SIPVicious (ha ha nice pun)(<a href="http://code.google.com/p/sipvicious/" target="_blank">http://code.google.com/p/sipvicious/</a>) . More on this <a href="http://blog.sipvicious.org/" target="_blank">http://blog.sipvicious.org/</a>. The suite was developed (really really extended the sense of the word "developed" here - as the scripts are really basic) by a security company who trails over Europe giving lectures on Voip security. :)<br>
<br>
Cheers,<br>
Marius<br>
<br>
</blockquote>
SIP Vicious does have a kill command... I've tried launching that on detection with mixed results. Triggering it from a hash count might prove better.<br>
<br>
<br>
<br>
</blockquote></div>
The kill command (actually a bug that caused a Python exception to be raised) was fixed in a later commit :)<br><font color="#888888">
<br>
Marius</font><div><div></div><div class="h5"><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
With best regards,<br>
<br>
Fred<br>
<a href="http://qxork.com" target="_blank">http://qxork.com</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
</blockquote>
<br>
<br>
_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org" target="_blank">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</div></div></blockquote></div><br>