On 10/15/10 7:50 AM, Tony Graziano wrote:
> Changing the port for the proxy is going to offer some protection, but since
> SRV (like MX) are resolved to look up the hostname/preference, SIP also
> provides PORT.
Spammers don't follow the RFCs. (Heck, some softclients don't even use
SRV records.)
Some still look up A records (some spammers), and from what I have seen
of the attacks, they just scan looking for UDP/TCP port 5060.
We are a managed network security company, managing and monitoring IDSs
and IPSs in the US, EU and other parts. Yes, SIP URLs can still be
harvested, but the majority of the damage is done just on port 5060.
Oh, and these attacks target EVERYONE on the internet. We have clients
without SIP, or any VOIP, and they still get SIPVicious attacks on port
5060 (a UDP attack does not need to see a response from the port; they
just send it).
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security, 2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/