SIP scanners
Phillip:
Sorry Felix, I was just trying to follow along with the conversation between you and Shap and my question was framed withing the context of the discussion about a firewall exception. But upon further reflection, I think I see what you are saying about a port address being open or closed as being irrelevant. The exception is created at the time of installation, is it not?
I am a little perplexed though, because it seems that without running some rather sophisticated software, there is little that we, the lowly user can do to thwart high-end scanner attacks. Is this a correct assumption? Is there a 'best practices' that we should be reading?
Phillip
Quote from: Felix on February 04, 2013, 11:26:30 am
Quote from: Phillip on February 03, 2013, 11:50:39 pm
Hi,
Rank newbie here. So am I to presume that xxxxxxxxxx@sip.voice.google.com where Xs represent you GV number, will not work for a Google IP addr?
Phillip,
Do you mind starting a new thread? When you do, please explain what you are trying to do. As stated, your question is very difficult to answer...
themessiah:
I have 4 GV numbers on a 202 ... if I add this to sp1 will that be good for all 4 numbers?
and
It seems it hangs up on the caller, that correct ?
thanks
Quote from: ianobi on September 09, 2012, 11:37:47 pm
{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|un@@.|anon@@.):},{ph}
This will ban calls with no Peer Number, any Peer Number less than seven digits, Peer Number "unknown" and Peer Number "anonymous".
Sleep well :)
ianobi:
If added to sp1, then that string only protects sp1. You may find that's ok as the default UserAgentPort for sp1 is 5060. 5060 is the standard "SIP Listening Port" throughout the SIP world, so it's likely to get scanned most. Although GV does not use SIP and GV ignores UserAgentPort, scanners still get in as they target ipaddress:port, they do not come in via GV.
Have a read back throught this thread and you will find suggestions for changing UserAgentPort.
The caller should get fast busy and does not get access into your OBi.
Hortoristic:
Again, since changing my setting below, I have had zero bad calls in months
{(?|@|@@|@@@|@@@@|@@@@@|@@@@@@):},{ph}
thegoat54:
Hi everyone,
So I haven't been bothered by calls for a while by using this string.
{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|xxxxxxx|xxxxxxxx|xxxxxxxxx):},{ph}
Keep in mind I was still using port 5060.
This morning I had the mother of all attacks. In the past, I would receive 1 SIP call and then it would stop. Today someone kept on trying!! I got calls with the following ID's
user1, administrator, admin, admin1, admin12, admin123, admin1234, admin12345, office, office1, office12, office123, office1234, office12345, guest, guest1,guest12
And then I logged in and change my SP1 port to 5076, and SP2 port to 5077 and then the calls stopped.
Wow, talk about abusive. I wonder how long it would have gone for?
Anyhow, all this names came up with no number attached to them. Just a caller ID name. Can we block names without numbers?
Navigation
[0] Message Index
[#] Next page
[*] Previous page