Please allow IP range in X_Access List to stop SIP Scanners

<< < (3/4) > >>

Shale:
+1

I had another idea. Suppose you could get the outbound packets to start with a shorter time to live (TTL). This would limit how many hops the packets would survive. Now I see problems, but I was thinking that many SIP scanners would be on longer routes than your legitimate server.

The TTL idea is probably flawed. The original suggestion on this thread  to list subnets would be quite sufficient, unless the list of subnets was too big. I wonder how big the list of subnets used for GV is.

OBiTalk could pre-populate X_AccessList for the providers that it specifically knows about.

adit:
+1. I just was hit by the dreadful SIP scanners , next day after setting my OBI. My provider does not provide it's IP range but you can find what the company has allocated :  http://whois.arin.net/rest/net/NET-208-65-240-0-1

So:

NetRange 208.65.240.0 - 208.65.247.255
CIDR 208.65.240.0/21

I would like to be able to enter this on my OBI. I want to allow ONLY my provider address range. This will block any SIP scanner. I'm sure that my provider does not use the all range but I did not get from the what actually is used so setting the full range should be the best. I'm sure more and more will be hit with this and allowing only a range of IP is an easy fix.

HDFLucky:
Quote from: OBiSupport on January 11, 2013, 04:38:16 pm

Please see the OBi Admin Guide (p. 94) for details on the parameter called ”X_AccessList”.

X_AccessList
A comma separated list of IP addresses such that the device only accepts SIP requests coming from one of the given addresses. If the list is empty, the device accepts SIP requests from any IP address

This is found in the ITSP SIP Settings area of the configuration.


Reviving this thread, because it's even more relevant now than when first posted.
The OBi response completely misses the point. I think everyone here is aware of and agrees with the value of X_AccessList. However, it only allows full decimal notation of individual ip addresses. My provider has the range 208.64.8.0 - 208.64.11.255. That's 1024 addresses! If CIDR notation were allowed, it would only require a single entry of 208.64.8.0/22 for the entire range of addresses.

gderf:
A more effective and easier method to foil SIP scanners is to use the "Oleg" method or enable X_EnforceRequestUserID. Search the forum.

cluckercreek:
Ditto to gderf's response. It just plain works.

Navigation

[0] Message Index

[#] Next page

[*] Previous page