[Spce-user] Increasing your security -Blocking User Agent-
Anthony Sanchez
agswinpr at gmail.com
Sun Apr 23 13:45:22 EDT 2017
Daniel,
In your article,
https://www.linkedin.com/pulse/securing-your-ngcp-against-sip-attacks-daniel-grotti
How do I know if NGCP is discarding all the requests coming from malicious
UAs?
Fail2ban is banning their IPs, but I am receiving new INVITEs from UAs
May you check my -*kamailio.cfg.customtt.tt2*-, it is right after
request_route
{
…..
# Tony beging
if(!sanity_check("1511", "7"))
{
xlog("L_WARN", "Malformed SIP message detected - [%
logreq_init -%]\n");
exit;
}
## filtering by UA : blacklist
if(is_method("REGISTER|INVITE"))
{
if ($ua =~ "friendly-scanner" || $ua =~ "sipvicious" || $ua =~
"user" || $ua =~ "^sipcli.+" || $ua =~ "^VaxSIPUserAgent.+")
{
xlog("L_WARN", "Request rejected, malicious UA='$ua' from
IP=$si - [% logreq_init -%]\n");
exit;
}
}
# Tony end
Thanks in advance,
Tony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20170423/790d7dee/attachment.html>
More information about the Spce-user
mailing list