
<html>

  <head>

    <meta content="text/html; charset=ISO-8859-1"

      http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">Thx Andres,<br>

      <br>

      I have ...<br>

      90% friendly-scanner from all over the world<br>

      7% sipcli and 3% sundayddr <span id="result_box"

        class="short_text" lang="en"><span class="hps">mainly</span></span>

      used in China <br>

      <br>

      <br>

      <br>

      Am 26.03.2014 16:33, schrieb Andres:<br>

    </div>

    <blockquote cite="mid:5332F361.60202@telesip.net" type="cite">

      <meta content="text/html; charset=ISO-8859-1"

        http-equiv="Content-Type">

      <div class="moz-cite-prefix">On 3/26/14, 2:27 AM, Rainer Piper

        wrote:<br>

      </div>

      <blockquote cite="mid:53327343.9030205@soho-piper.de" type="cite">

        <meta content="text/html; charset=ISO-8859-1"

          http-equiv="Content-Type">

        <div class="moz-cite-prefix">Hi Aryn,<br>

          <br>

          changing the standard Listen Port 5060 to something like 5871

          will keep approximately 50% of the bad boys away.<br>

          <br>

          Log user agent client name like <br>

          <br>

          if

          ($ua=~"friendly-scanner"||$ua=~"sipcli"||$ua=~"sundayddr"||$ua=~"sipsak"||$ua=~"sipvicious"||$ua=~"iWar"||$ua=~"sip-scan")


          {<br>

                  sl_send_reply("403", "Forbidden");<br>

                  xlog("L_ALERT","IPTABLES: blocking $si $ua\n");<br>

                  drop();<br>

          }<br>

        </div>

      </blockquote>

      I like this!  Does anybody else have more User Agents to share?<br>

      <blockquote cite="mid:53327343.9030205@soho-piper.de" type="cite">

        <div class="moz-cite-prefix"> <br>

          Let fail2ban put the source IP of the bad boy in your firewall

          for 1h or longer drop time like<br>

          <br>

          fail2ban filter:<br>

          <br>

          [INCLUDES]<br>

          <br>

          #before = common.conf<br>

          <br>

          [Definition]<br>

          # filter for kamailio messages<br>

          failregex = IPTABLES: blocking <HOST><br>

          <br>

          Hide your server name like<br>

          server_header="Server: sipserver-007"<br>

          <br>

          use strong passwords and don't configure an open relay ;-)<br>

          <br>

          this is just one way ... <br>

          <br>

          <br>

          Regards <br>

          Rainer<br>

          <br>

          <br>

           <br>

          <br>

          Am 26.03.2014 03:13, schrieb Arya Farzan:<br>

        </div>

        <blockquote

cite="mid:CAFoK1axekj_q7nwM7LTELt0zb_1KtEr1jWvsfxhVL4mGyZWCyQ@mail.gmail.com"

          type="cite">

          <div dir="ltr">

            <div style="font-family:arial,sans-serif;font-size:13px">I'm

              concerned about others reverse engineering their way into

              my project's sip network. Is there anyway to prevent

              others from finding out that the SIP protocol is being

              used and prevent others to reverse engineer their way into

              my sip network?</div>

          </div>

          <br>

          <fieldset class="mimeAttachmentHeader"></fieldset>

          <br>

          <pre wrap="">_______________________________________________

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list

<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>

<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>

</pre>

        </blockquote>

        <br>

        <br>

        <div class="moz-signature">-- <br>

          <b>Rainer Piper</b> <br>

          NOC - +49 (0)228 97167161 - sip.soho-piper.de <br>

          NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de -

          D293 </div>

        <br>

        <fieldset class="mimeAttachmentHeader"></fieldset>

        <br>

        <pre wrap="">_______________________________________________

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list

<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>

<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>

</pre>

      </blockquote>

      <br>

      <br>

      <pre class="moz-signature" cols="72">-- 

Technical Support

<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.cellroute.net">http://www.cellroute.net</a></pre>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list

<a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a>

<a class="moz-txt-link-freetext" href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a>

</pre>

    </blockquote>

    <br>

    <br>

    <div class="moz-signature">-- <br>

      <b>Rainer Piper</b>

      <br>

      NOC - +49 (0)228 97167161 - sip.soho-piper.de

      <br>

      NOC - +49 (0)2247 9064188 - sip.tele33.de - sip.tefonix.de - D293

    </div>

  </body>

</html>