It might be time to gather all the suggestions together and post on
the wiki under the security heading, mostly for newbies, but also for
some of us old timers to refer to.
Maybe a quick outline of the problem(s) and overview of solutions
(eg: generic port scanning for port 5060, specific attempted use of
'siptrap' uri's?),
Problem of DOS attacks and Toll Fraud (with a big warning about the
'DISA.. Dial Authorization codes)
AA's and extension numbers, generic web site, xss, sql injection attacks.
Some solutions:
Tony's suggestions for pfsense rate limiting,
Gerald's for voipblacklist (Gerald, I like this one. can you get me
contact information for admin?)
Emerging Threats blocks of DSHIELD listed ip's, their list of RBN's
(Russian Business Network) EC2 (list of amazon ec2 ip's)
Links to snort (and ids that can watch for attacks by ip, and or user
strings)
oh, and you can hijack this thread and put in any comments or discussion
you like :-)
--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
ISN: 1259*1300
> *| *SECNAP Network Security Corporation
* Certified SNORT Integrator
* 2008-9 Hot Company Award Winner, World Executive Alliance
* Five-Star Partner Program 2009, VARBusiness
* Best in Email Security,2010: Network Products Guide
* King of Spam Filters, SC Magazine 2008
______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.secnap.com/products/spammertrap/
______________________________________________________________________
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
