
OBi, please help us defeat SIP scanners/spammers

Started by lacibaci, December 23, 2012, 06:40:34 PM


lacibaci

OBi, please help us defeat SIP scanners/spammers by implementing one or both feature requests mentioned here:

Reject SIP requests except from registration server
(http://www.obitalk.com/forum/index.php?topic=4159.0)

Please allow IP range in X_Access List to stop SIP Scanners
(http://www.obitalk.com/forum/index.php?topic=3544.0)

Either would help out tremendously. Currently I have to resort to firewall rules and inbound rules. X_AccessList with its 512 character limit is not useful for VOIP providers with a large number of servers.

Thanks
Lac
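
An added illustration of the second request above (not part of the original post, and not OBi code): it shows why a per-address allowlist overruns a 512-character field while a range list does not, and how a source filter would then accept or drop inbound SIP requests. The comma-separated field format, the CIDR range syntax, the server addresses and the sample requests are all assumptions constructed for the example.

```python
import ipaddress

FIELD_LIMIT = 512  # character limit the post cites for X_AccessList

# Constructed sample: a provider with 66 SIP servers (documentation address space).
PROVIDER_SERVERS = [f"198.51.100.{i}" for i in range(64)] + ["203.0.113.10", "203.0.113.11"]


def to_ranges(addresses):
    """Merge individual server addresses into the fewest CIDR blocks."""
    nets = (ipaddress.ip_network(a) for a in addresses)
    return list(ipaddress.collapse_addresses(nets))


def fits(entries, limit=FIELD_LIMIT):
    """Would a comma-separated list of these entries fit in the field? (assumed format)"""
    return len(",".join(str(e) for e in entries)) <= limit


def accept(source_ip, ranges):
    """Source filter: accept a SIP request only if it comes from an allowlisted range."""
    ip = ipaddress.ip_address(source_ip)
    return any(ip in net for net in ranges)


def triage(requests, ranges):
    """Return (source, method, verdict) for each inbound request."""
    return [(src, m, "accept" if accept(src, ranges) else "drop") for src, m in requests]


if __name__ == "__main__":
    ranges = to_ranges(PROVIDER_SERVERS)
    print("per-address list fits:", fits(PROVIDER_SERVERS))
    print("range list:", ",".join(map(str, ranges)), "fits:", fits(ranges))
    # Constructed inbound traffic: two provider servers and one unknown source.
    sample = [("198.51.100.17", "INVITE"), ("203.0.113.11", "OPTIONS"), ("192.0.2.77", "INVITE")]
    for row in triage(sample, ranges):
        print(*row)
```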

carl


pbd3mon



Dav3yDark0

Add me to the list of users requesting this feature. 

Hyrules

Add my voice to the list. Again last night I was scanned / spammed. I had to re-add the x_accesslist to my latest setup. The phone wouldn't stop ringing.

Mango

For anyone having this problem, double check that you remembered to set:

Voice Services >> SPx Service >> X_UserAgentPort: (some random number greater than 1024 20000 and less than 65535)

lacibaci

Another day and the phone rings in the middle of the night... :( Something should seriously be done about this.

How hard would it be to implement just ONE of the features mentioned above?

I am almost at the point of dumping this hardware and getting something else...

Mango


lacibaci

Quote from: Mango on March 15, 2013, 06:35:56 PM
What was your X_UserAgentPort set to?

It's not the default (5060) but changing the port and playing with access list/rules is not working for the long haul. For hackers it's very easy to scan other ports (or ranges).
What we need is a real fix from OBi. I doubt it would take more than a couple of hours to implement the first one (Reject SIP requests except from registration server).

How about that OBi?

Mango

Out of curiosity, could you PM me what the port number was?  I'm curious because this is the first time I have heard of scanners using a nonstandard port.

Mango

I thought better of my recommendation above.  Until you have another solution, you might want to try a random number between 20000 and 65535.

lacibaci

Quote from: Mango on March 19, 2013, 05:46:13 AM
What was your X_UserAgentPort set to?

It was not the default, nor in the 506x range.

Felix

Ironic, that we got a fairly sophisticated comment spam (konglo) in the thread discussing SIP spam.

obmsonge

 I had to re add the x_accesslist to my latest setup.




mayge

HOWTO: Thwarting SIP Scanners during Set-up
http://www.obitalk.com/forum/index.php?topic=5467.0

Quote
Note: Things changed for the better about June/July 2013. OBiTalk has been implementing method 4, Oleg method described below, for at least some of the SIP providers by default. If your provider is not one that OBiTalk lists or if you get a SIP scan, or if you have overridden the X_InboundCallRoute so that OBiTalk does not control the field, or if you choose to not use OBiTalk, the information below will still apply. (note #j)
     =========The need for the following has been reduced========


I'm assuming X_UserAgentPort needs to be unique when there are multiple OBi devices on the LAN (and unique among multiple IP phone control ports).

By using an X_UserAgentPort outside 5060-5080, what pfSense WAN and LAN rules would the gurus suggest?

I'm using pfSense on the recommendation of one more tech than myself, as my previous router had undisablable SIP ALG.



squalk

Are your OBIs not sitting behind a firewall?  (not routing, not-NAT, merely firewall IDS)