[Freeswitch-users] SIP attacks from 188.161.101.73

peely freeswitch at peely.com
Thu Jan 5 22:53:36 MSK 2012


We force all users to register against our DNS name, then use IP Tables to
reject REGISTER methods coming against our IP address:

iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "REGISTER
sip:a.c.d.e SIP" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "REGISTER
sip:a.c.d.e:5060 SIP" --algo bm

Where a.b.c.d is your public IP address. This will stop responses to initial
SIPVicious explorations also, which means you don't get on their list in the
first place and save a whole lot of useless UDP blasts which come from their
brute force attacks.

--
View this message in context: http://freeswitch-users.2379917.n2.nabble.com/SIP-attacks-from-188-161-101-73-tp7144973p7155883.html
Sent from the freeswitch-users mailing list archive at Nabble.com.



Join us at ClueCon 2011 Aug 9-11, 2011
More information about the FreeSWITCH-users mailing list