Re: [SR-Users] SIP Scanning Attacks Experiences

Daniel-Constantin Mierla Fri, 19 Nov 2010 02:32:52 -0800

Thanks, I read it in the past, I added a note about it and mentionedthat one can use sl_send_reply("200", "OK") config for a similar solution.


Cheers,
Daniel


On 11/18/10 3:44 PM, Mark R wrote:

This might also be of use if bandwidth is an issue:

http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood/

Rgds,

Mark

On Thu, Nov 18, 2010 at 1:57 PM, marius zbihlei<marius.zbih...@1and1.ro <mailto:marius.zbih...@1and1.ro>> wrote:


    On 11/18/2010 03:59 PM, Fred Posner wrote:

        On Nov 18, 2010, at 8:49 AM, marius zbihlei wrote:


            On 11/18/2010 01:58 PM, Daniel-Constantin Mierla wrote:

                Hello,

                during the testing period of Kamailio 3.1.0, while
                running it at
                voipuser.org <http://voipuser.org>, I had the chance
                to watch live and analyze a SIP scanning
                attack. Yesterday I noticed another one by looking at
                Siremis 2.0
                charts, therefore I wrote an article with some hints
                about what you can
                use to protect your SIP services within Kamailio
                configuration file.

                You can read it at:
                   * http://asipto.com/u/i

                Hope is going to be useful for many of you!

                Cheers,
                Daniel



            Hello Daniel,

            Nice read, thanks for sharing. This "friendly-scanner"
            messages has really gotten out of hand lately. FYI, they
            are generated by a python suite called SIPVicious (ha ha
            nice pun)(http://code.google.com/p/sipvicious/) . More on
            this http://blog.sipvicious.org/. The suite was developed
            (really really extended the sense of the word "developed"
            here - as the scripts are really basic) by a security
            company who trails over Europe giving lectures on Voip
            security. :)

            Cheers,
            Marius

        SIP Vicious does have a kill command... I've tried launching
        that on detection with mixed results. Triggering it from a
        hash count might prove better.



    The kill command (actually a bug that caused a Python exception to
    be raised) was fixed in a later commit :)

    Marius

        With best regards,

        Fred
        http://qxork.com










    _______________________________________________
    SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
    list
    sr-users@lists.sip-router.org <mailto:sr-users@lists.sip-router.org>
    http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


--
Daniel-Constantin Mierla
Kamailio (OpenSER) Advanced Trainings
Nov 22-25, 2010, Berlin, Germany
Jan 24-26, 2011, Irvine, CA, USA
http://www.asipto.com

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Re: [SR-Users] SIP Scanning Attacks Experiences

Reply via email to