On 10/15/2010 7:43 AM, Tony Graziano wrote: > Again, that's a different thread. Including the one that identies certain > sipua's that are I'd'd as the attack and providing the information for the > firewall to pickup... > > My post (stop hijacking everyone), relates to obfuscating potential > harvestable data used by attackers. That's all, this is something that is > hosted at sipfoundry.
Tony, I did not mean this as an attempt to hijack your post to "hide" sip addresses. IMO, any sip address is no different than an email address. Your email address is publicly viewable. A public SIP server has to pass the torture that any other public server like smtp, http, ssh endure. I believe hiding your SIP information is like putting a bandage on something that needs stitches. Effort should be directed to cure the problem and not mask it IMO. > > Also, if you read some of the other posts you'll see a very proactive > automated feature that SHOULD be discussed under the correct thread. > > You will also see the results of the 30 minute attack resulting in 40 > invites attempted with no loss of bandwidth, cpu, connections, memory OR > latency. > > Take whatever approach you want, but I simply asked if there was a way to > obfuscate sip: uri on the harvestable lists/forums at sipfoundry. The > inability to harvest this data is the first step to prevent (as in prevent, > mitigate, harden). > > Obfuscation is technically feasible or not? I don't think it is necessary. Just like hiding your email or phone number.... > ============================ > Tony Graziano, Manager > Telephone: 434.984.8430 > Fax: 434.984.8431 > > Email: [email protected] > -- Regards -------------------------------------- Gerald Drouillard Technology Architect Drouillard & Associates, Inc. http://www.Drouillard.biz _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
