HOWTO: Thwarting SIP Scanners during Set-up

<< < (7/20) > >>

newobi:
I've been waking in the middle of the night by 201, 301, 3001 calls.  Upon research, I've read both threads, this Thwarting SIP Scanners and the long SIP Scanners thread. I'm not sure which is the best method now.

Is everything I have below correct?

ORIGINAL MEtHOD

Under X_InboundCallRoute

{(?|x|xx|xxx|xxxx|xxxxx|xxxxxx|un@@.|anon@@.):},{ph}

or

{(?|@|@@|@@@|@@@@|@@@@@|@@@@@@):},{ph}

Is @ same as x?

And, I've seen advice suggesting changing the X_UserAgentPort as well.

This method can end up blocking wanted calls, like a Callerid of "PIE A"?

NEW RECOMMENDED METHOD...

Oleg's method #4

No change needed on SPn Service for Google Voice, just on the VOIP SPn Service?

Also, not need to change the X_UserAgentPort?

Mango:
My preference is a combination of the following:

Method 0) Disable any SP that you're not using.

Method 2) Change X_UserAgentPort on SPs configured for SIP to a number between 20000 and 65535.
This will reduce the number of SIP scans that reach your device.

Method 4) Change X_InboundCallRoute to {>('Insert your AuthUserName here'):ph}
If any scanners discover the port you're using, the device will reject the call unless it's destined for your AuthUserName.

I prefer not to filter based on Caller ID Number and Shale seems to agree with me.  It would be easy to spoof a legitimate-looking number.

Method 3) is effective but my VoIP service provider changes their IPs from time to time and they have so many I can't keep up.

ianobi:
Quote

Is @ same as x?

"x" refers to any digit. "@" refers to any alphanumeric character. "xxxx" will match "3001" but not "test". "@@@@" will match "3001" and "test".


I agree with Mango's comments.

There have been no reports of Oleg's method failing. If you use your OBi simply to terminate services on, then it should be enough on its own. Some of us use single-stage "through dialling", where calls can come in on an InboundCallRoute and go out on another service. This needs some added security. I like to change my UserAgentPorts as an extra layer of security.

I have not heard of scanners being a problem on any spX used for Google Voice. GV does not use SIP. It does appear the scanners are only looking for SIP trunks to use.

bsdaiwa:
Quote from: Shale on March 11, 2013, 08:57:16 am


{ph}                 [before]
{>17771234567:ph}  [after adding protection from SIP scanners]



Question, do I use the { } or are they removed? When I look at my current setting the ph has no brackets around it, so I am not sure if I should include them or not when I make the change and insert my AuthUserName.
Thanks

Shale:
Quote from: bsdaiwa on August 18, 2013, 09:02:42 am

Quote from: Shale on March 11, 2013, 08:57:16 am


{ph}                 [before]
{>17771234567:ph}  [after adding protection from SIP scanners]



Question, do I use the { } or are they removed? When I look at my current setting the ph has no brackets around it, so I am not sure if I should include them or not when I make the change and insert my AuthUserName.
Thanks

Use them. I guess they are not needed in all cases, but I suspect they are at least some of the time. And it works with them.

Navigation

[0] Message Index

[#] Next page

[*] Previous page