Currently, someone has taken sipvicious and deployed it on bots that try to authenticate to user sipsscuser. It does need to be stopped at the firewall, and in one of my customer sites it is. However, there are reports of sites that get hit so hard that it creates the equivalent of a Denial of Service attack.
Fail2ban is one approach that is used to control these attacks.

From: [email protected] [mailto:[email protected]] On Behalf Of Joegen Baclor
Sent: Monday, September 27, 2010 4:18 AM
To: sipXecs developer discussions
Subject: Re: [sipx-dev] ability to deny based on UA

IMHO, deny based on UA versus deny based on credentials won't give you much of a defense against a DOS attack. The only difference between deny by IP against deny by credentials is it requires two transactions for a deny by credential to reject the request. Thus it is safe to say that if 1000 REGISTERS brings down a system where it denies by credential, it would take double that amount to bring it down if it decides to deny based on IP and I don't think there won't be any shortage of transactions a DOS attacker can spawn :-). This is a firewall role.

On Monday, 27 September, 2010 06:13 PM, Tony Graziano wrote:

Is there a way to add a functionality to filter SIP messages based on the Via header's IP address or names? This would be to make the information available to a firewall or other script as a measure to identify or protect against a dos attack. If an attack was to send an invite or register using a brute force attack to attempt to register thousands of times in a very short period, it would be nice to have a detection and limited protection mechanism.

--
======================
Tony Graziano, Manager
Telephone: 434.984.8430
sip: [email protected]
Fax: 434.984.8431
Email: [email protected]

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: [email protected]
Fax: 434.984.8427

Helpdesk Contract Customers: http://www.myitdepartment.net/gethelp/

Why do mathematicians always confuse Halloween and Christmas? Because 31 Oct = 25 Dec.

_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev/
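Added example, not part of the original thread and not sipXecs code: one way a script could pull the Via host and User-Agent out of REGISTER requests and flag sources that exceed a rate limit, so the result can be handed to a firewall or a fail2ban-style tool. The window, threshold, function names, the `ExampleScanner`/`ExamplePhone` user agents and the sample traffic (documentation-range addresses) are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

WINDOW_SECONDS = 10  # assumed sliding window
MAX_REGISTERS = 3    # assumed per-source limit inside one window

VIA_RE = re.compile(r"^(?:Via|v)[ \t]*:[ \t]*SIP/2\.0/\w+[ \t]+(\[[^\]]+\]|[^\s;:,]+)", re.I | re.M)
UA_RE = re.compile(r"^User-Agent[ \t]*:[ \t]*(.*?)[ \t\r]*$", re.I | re.M)

def parse_register(raw):
    """Return (top Via sent-by host, User-Agent) for a REGISTER, else None."""
    if not raw.startswith("REGISTER "):
        return None
    via, ua = VIA_RE.search(raw), UA_RE.search(raw)
    return (via.group(1) if via else None, ua.group(1) if ua else None)

def find_flooders(events, window=WINDOW_SECONDS, limit=MAX_REGISTERS):
    """events: (epoch_seconds, transport_source_ip, raw_sip_message) tuples.
    Returns {source_ip: {"peak", "via", "ua"}} for sources over the limit."""
    recent = defaultdict(deque)
    seen = defaultdict(lambda: {"peak": 0, "via": set(), "ua": set()})
    flagged = {}
    for ts, src, raw in sorted(events, key=lambda e: e[0]):
        parsed = parse_register(raw)
        if parsed is None:
            continue
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:   # drop REGISTERs older than the window
            q.popleft()
        info = seen[src]
        info["peak"] = max(info["peak"], len(q))
        info["via"].add(parsed[0])
        info["ua"].add(parsed[1])
        # Via and User-Agent are sender-controlled, so the key handed to the
        # firewall is the transport source address; the headers are context.
        if len(q) > limit:
            flagged[src] = info
    return flagged

def make_register(via_host, ua, user):
    """Constructed sample REGISTER (not captured traffic)."""
    return (f"REGISTER sip:pbx.example.test SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {via_host}:5060;branch=z9hG4bKsample\r\n"
            f"To: <sip:{user}@pbx.example.test>\r\n"
            f"User-Agent: {ua}\r\n\r\n")

SAMPLE_EVENTS = [(1000 + i, "203.0.113.7", make_register("10.0.0.99", "ExampleScanner/1.0", "sipsscuser"))
                 for i in range(6)] + [(1002, "198.51.100.20", make_register("198.51.100.20", "ExamplePhone/2.1", "201"))]

if __name__ == "__main__":
    for ip, info in find_flooders(SAMPLE_EVENTS).items():
        print(ip, info["peak"], sorted(info["via"]), sorted(info["ua"]))
```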
