On Tuesday September 6th the forum will be down for maintenance from 9:30 PM to 11:59 PM PDT
Started by Shale, March 11, 2013, 08:57:16 AM
Quote from: Shale on March 11, 2013, 08:57:16 AM2. Change the (Voice Services)SPx Service->X_UserAgentPort ports for each SPx to a number not in the 506x range. This seems effective based on people's experience, but how long until the scanners broaden their scans?
Quote from: Shale on March 11, 2013, 08:57:16 AMIf anybody knows an easier way to find the strings actually being used, let us know.
Quote from: Shale on March 31, 2013, 12:27:40 PMSo at this point, I don't think "method 5" is suitable to add to the list. The SIP scanner thwarting methods list needs simplification more than it needs comprehensiveness.
Quote from: Felix on March 23, 2013, 10:24:45 PMThe more I am thinking, Oleg's solution (#4) is bulletproof and doesn't have negative side effects. In other words, it's ideal.Or what would be the situation when this wouldn't work? I assume that your adapter is not in DMZ; so if it is not registered with a provider, the port is closed to the internet. And if it is registered, then you have some kind of id that you can match against X_InboundCallRouteAm I missing something? I don't know Oleg (I wish I knew), but it looks like a solution that is genius in its simplicity
Quote from: Mango on March 19, 2013, 06:15:21 AMQuote from: Shale on March 11, 2013, 08:57:16 AM2. Change the (Voice Services)SPx Service->X_UserAgentPort ports for each SPx to a number not in the 506x range. This seems effective based on people's experience, but how long until the scanners broaden their scans?I think it is unlikely the scanners will broaden their scans, though of course not impossible.What they're trying to find is PBX systems set up with default or test settings, for example a User ID of "1001" and password of "password". Once they find such credentials, they can route calls to high cost destinations through the compromised PBX. Us OBi users aren't the target of their activities; we're just a side effect. Since someone who knows enough to change their PBX's port probably also knows not to use easy passwords, I think the scanners will find themselves most successful in the 50xx range.So, I expect your suggestion is a good one and that using a port in the range of 20000-65535 should be quite safe.