[App_rpt-users] Bogus SIP registrations
Jim Duuuude
telesistant at hotmail.com
Sun Jun 23 21:52:54 UTC 2013
Change your SIP port to something completely weird and non-standard
(from 5060). You'll likely never hear from whoever it is again.
Sometimes "security by obscurity" really *does* effectively function.
Jim
> Date: Sun, 23 Jun 2013 13:57:40 -0600
> From: kb0kzr at matthouse.com
> To: app_rpt-users at ohnosec.org
> Subject: [App_rpt-users] Bogus SIP registrations
>
> All--
>
> While diagnosing another problem (which I will post about in a little bit
> if I can't get it figured out, but I wanted to keep separate threads
> separate) -- suddenly somebody started sending me a ton of bogus SIP
> registrations. The source-IP is 210.73.202.76 for whatever that may be
> worth. I thought about firewalling it, but I don't think SIP is required
> at all for app_rpt to work? So I disabled chan_sip entirely in
> modules.conf.
>
> Just throwing it out there as something to consider for other app_rpt
> nodes... I don't know of any security flaws in chan_sip, but I figured
> since it isn't being used there's no reason to run it.
>
> -Matt-
>
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.keekles.org/pipermail/app_rpt-users/attachments/20130623/9fd70d80/attachment.html>
More information about the App_rpt-users
mailing list