<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">
<div class="moz-cite-prefix">ps:<br>
<br>
you can use <br>
xlog("L_ALERT","IPTABLES: blocking $si \n");<br>
anywhere you like ... for example wrong login password/username<br>
<br>
and fail2ban will drop the source IP for a 1h or longer drop
time<br>
<br>
<br>
Regards <br>
Rainer<br>
<br>
Am 26.03.2014 07:27, schrieb Rainer Piper:<br>
</div>
<blockquote cite="mid:53327343.9030205@soho-piper.de" type="cite">xlog("L_ALERT","IPTABLES:
blocking $si $ua\n");</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<b>Rainer Piper</b>
<br>
NOC - +49 (0)228 97167161 - sip.soho-piper.de
<br>
NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de -
D293
</div>
<br>
<br>
Am 26.03.2014 07:27, schrieb Rainer Piper:<br>
</div>
<blockquote cite="mid:53327343.9030205@soho-piper.de" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix">Hi Aryn,<br>
<br>
changing the standard Listen Port 5060 to something like 5871
will keep approximately 50% of the bad boys away.<br>
<br>
Log user agent client name like <br>
<br>
if
($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$ua=~"iWar"||$ua=~"sip-scan")
{<br>
sl_send_reply("403", "Forbidden");<br>
xlog("L_ALERT","IPTABLES: blocking $si $ua\n");<br>
drop();<br>
}<br>
<br>
Let fail2ban put the source IP of the bad boy in your firewall
for 1h or longer drop time like<br>
<br>
fail2ban filter:<br>
<br>
[INCLUDES]<br>
<br>
#before = common.conf<br>
<br>
[Definition]<br>
# filter for kamailio messages<br>
failregex = IPTABLES: blocking <HOST><br>
<br>
Hide your server name like<br>
server_header="Server: sipserver-007"<br>
<br>
use strong passwords and don't configure an open relay ;-)<br>
<br>
this is just one way ... <br>
<br>
<br>
Regards <br>
Rainer<br>
<br>
<br>
<br>
<br>
Am 26.03.2014 03:13, schrieb Arya Farzan:<br>
</div>
<blockquote
cite="mid:CAFoK1axekj_q7nwM7LTELt0zb_1KtEr1jWvsfxhVL4mGyZWCyQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div style="font-family:arial,sans-serif;font-size:13px">I'm
concerned about others reverse engineering their way into my
project's sip network. Is there anyway to prevent others
from finding out that the SIP protocol is being used and
prevent others to reverse engineer their way into my sip
network?</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<b>Rainer Piper</b> <br>
NOC - +49 (0)228 97167161 - sip.soho-piper.de <br>
NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de -
D293 </div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>
<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<b>Rainer Piper</b>
<br>
NOC - +49 (0)228 97167161 - sip.soho-piper.de
<br>
NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293
</div>
</body>
</html>