Re: [asterisk-users] Portscans and Asterisk

Wed, 17 Oct 2007 14:14:56 -0700 

UDP being stateless and connection-unaware as it is (unless you're using 
TCP transport), there's not really a meaningful sense in which your
Asterisk "answers" as there is no initial dialogue or handshake.  It 
simply replies to messages on an atomic basis.

Thus, it is even more difficult than with TCP services to ascertain the 
nature of an incoming message prior to its processing;  about the only 
thing that could accomplish this is a firewall with an ALG (Application 
Layer Gateway) that is SIP aware and allows one to configure restrictions 
based on deep packet inspection for valid SIP criteria, and I strongly 
doubt such a thing exists.

I wouldn't worry about port scans, personally.  If they are very 
voluminous than you can simply make firewall restrictions as needed.

-- Alex

On Wed, 17 Oct 2007, Turbo Fredriksson wrote:

> Anything to do about portscans? Is there any way (should I) to see
> if the connection is a legit (only SIP currently) connection BEFORE
> my * answers?
>
>
> [2007-10-17 19:23:46] WARNING[4191]: chan_sip.c:6624 
> determine_firstline_parts: Bad request protocol 01@<ASTERISK_IP> SIP/2.0
>    -- Executing [EMAIL PROTECTED]:1] Answer("SIP/sip.jmg.se-081dd730", "") in 
> new stack
> [2007-10-17 19:23:46] WARNING[4191]: chan_sip.c:6624 
> determine_firstline_parts: Bad request protocol 01@<ASTERISK_IP> SIP/2.0
> [2007-10-17 19:23:56] WARNING[10123]: pbx.c:2505 __ast_pbx_run: Timeout, but 
> no rule 't' in context 'default'
>
> Last line already fixed by adding such a rule - just Hangup() for now...
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>

--
Alex Balashov
Evariste Systems
Web    : http://www.evaristesys.com/
Tel    : +1-678-954-0670
Direct : +1-678-954-0671

_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to