On 9/27/10 11:33 AM, Todd Hodgen wrote:

I've seen this attack at customer sites that were blocked at the firewall. The only way I was able to detect them was when I ran TraceBuster between the firewall and the router -- they jumped out pretty easily. TraceBuster is my new best friend. Can't go wrong for $99.

In my particular case, SIP is only allowed in from specific IP addresses, and blocked on all others. It's maddening though because they screw up the broadband bandwidth that is available.


one of the reasons (from a security perspective) I like how FS decided to split up their public ports.

we use 5060 for sip (automated scanners are NOT doing NAPTR or SRV lookups!) they just hit port 5060. FS uses 5080. we use 5080 for trunking (and can firewall and rate limit it easily enough), FS uses 5060.

no, they won't stop real hackers, or SPIM, but will stop some of these automated scanners.

(there is a patch in SVN to allow trunking AND sip calls on port 5060. just like Asterisk does. I don't think I would apply that patch until I had one that allowed me to move the sip call public port)

just from a security perspective, moving trunking to 5060 and limiting it to just your ITSP and then moving public (sip calls, etc) to 5080 will stop ALL of these (for now, till they start scanning 5080, 5070, 5090, 5061, etc)



--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation
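
Added example, not part of the original message: a log check for the port split described above. It separates blind scans of 5060 from sources that have started trying alternate SIP ports. The port roles, the ITSP range (a documentation placeholder) and the iptables-style log lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed layout, following the split described in the message above.
TRUNK_PORT = 5060    # trunking, firewalled to the ITSP only
PUBLIC_PORT = 5080   # public SIP calls, rate limited
SIP_PORTS = {5060, 5061, 5070, 5080, 5090}
ITSP_NETS = [ipaddress.ip_network("192.0.2.0/28")]  # placeholder range

# Constructed sample lines in iptables LOG-target style.
SAMPLE_LOG = """\
kernel: SIP IN=eth0 SRC=192.0.2.5 DST=203.0.113.10 PROTO=UDP SPT=5060 DPT=5060
kernel: SIP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=UDP SPT=5071 DPT=5060
kernel: SIP IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=UDP SPT=5072 DPT=5060
kernel: SIP IN=eth0 SRC=198.51.100.99 DST=203.0.113.10 PROTO=UDP SPT=5081 DPT=5060
kernel: SIP IN=eth0 SRC=198.51.100.99 DST=203.0.113.10 PROTO=UDP SPT=5081 DPT=5070
kernel: SIP IN=eth0 SRC=198.51.100.99 DST=203.0.113.10 PROTO=UDP SPT=5081 DPT=5080
kernel: SIP IN=eth0 SRC=203.0.113.50 DST=203.0.113.10 PROTO=UDP SPT=5060 DPT=5080
kernel: SSH IN=eth0 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=4000 DPT=22
"""

FIELDS = re.compile(r"\bSRC=(\S+).*?\bDPT=(\d+)")

def is_itsp(addr):
    """True when addr falls inside an allowlisted ITSP network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ITSP_NETS)

def classify(log_text):
    """Map each source address to a label based on the SIP ports it hit."""
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        m = FIELDS.search(line)
        if m and int(m.group(2)) in SIP_PORTS:
            ports_by_src[m.group(1)].add(int(m.group(2)))
    report = {}
    for src, ports in ports_by_src.items():
        if is_itsp(src):
            report[src] = "itsp"               # expected trunk peer
        elif ports == {TRUNK_PORT}:
            report[src] = "default-port-scan"  # blind 5060 scanner
        elif ports == {PUBLIC_PORT}:
            report[src] = "public"             # normal public-port traffic
        else:
            report[src] = "sweep"              # trying alternate SIP ports
    return report

if __name__ == "__main__":
    for src, label in sorted(classify(SAMPLE_LOG).items()):
        print(src, label)
```

A source labelled `sweep` is the case the message anticipates: once scanners try 5080 and its neighbours, the port split stops hiding the public port and the rate limit is what remains.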
