When publishing a PBX on a public IP address, the task arises to protect the speaker from scanners, pests who are trying to pick up passwords to SIP PBX accounts. If a simple numeric password is set, it will be picked up very quickly, which will cause losses.
For basic protection against scanners, fail2ban must be enabled. Additionally, you can fine-tune the iptables rules.
Go to the "System file customization " section
Go to edit the /etc/firewall_additional file
Set the "Add to end of file " mode, insert the following code:
Copy iptables - I INPUT 2 - p udp - m udp -- dport 5060 - m string --string 'friendly-scanner' -- algo bm -- to 65535 - j DROP The added rule allows blocking all incoming requests over the UDP protocol that contain the substring "friendly-scanner "
A more complete example of a set of rules:
Copy iptables - I INPUT 2 - p udp - m udp -- dport 5060 - m string --string 'sipcli' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p udp - m udp -- dport 5060 - m string --string 'sip-scan' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p udp - m udp -- dport 5060 - m string --string 'iWar' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p udp - m udp -- dport 5060 - m string --string 'sipvicious' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p udp - m udp -- dport 5060 - m string --string 'sipsak' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p udp - m udp -- dport 5060 - m string --string 'sundayddr' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p udp - m udp -- dport 5060 - m string --string 'VaxSIPUserAgent' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p udp - m udp -- dport 5060 - m string --string 'friendly-scanner' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p tcp - m tcp -- dport 5060 - m string --string 'sipcli' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p tcp - m tcp -- dport 5060 - m string --string 'sip-scan' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p tcp - m tcp -- dport 5060 - m string --string 'iWar' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p tcp - m tcp -- dport 5060 - m string --string 'sipvicious' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p tcp - m tcp -- dport 5060 - m string --string 'sipsak' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p tcp - m tcp -- dport 5060 - m string --string 'sundayddr' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p tcp - m tcp -- dport 5060 - m string --string 'VaxSIPUserAgent' -- algo bm -- to 65535 - j DROP
iptables - I INPUT 2 - p tcp - m tcp -- dport 5060 - m string --string 'friendly-scanner' -- algo bm -- to 65535 - j DROP This will protect you from most scanners that I mention User-Agent when requesting.
Last updated 8 months ago
