
At some point, after running your PBX for a while, it will get some exposure. If you go to your PBX console and watch your logs, you may notice that someone occasionally tries to register or to send an INVITE request. These attempts are usually made by scripts looking for misconfigured SIP servers.

The IPTables Script

After looking on the Internet, I got a short list of User-Agent identifiers for those scripts, so I wrote the following script to help everyone create the rules.

Files:

The anti-script script injects basic, configurable IPTables rules that prevent script-kiddie tools from connecting to your PBX.

Date  2018-04-16
System   Linux
File Size  527 B
Download  1,653

Please note that the User-Agent string is very easy to change. Most seasoned hackers will be able to change it; the newbies, however, will not. This approach only makes an attack more difficult. By default, the script creates rules for ports 5060 and 5080, both UDP and TCP.

Taking the Security further

If you are asking what the root fix would be, I believe you will need a SIP proxy, maybe Kamailio or FreeSWITCH with a very basic configuration. The idea is that this element may be able to analyze the SIP payload and, depending on some rules, decide whether to block the call or let it pass through. Some of these criteria could be:

  • INVITE, From, To, and Contact must use a fully qualified domain name instead of an IP address.
  • The o and c fields in the SDP payload should have an IP address instead of pointing to nowhere (0.0.0.0).

I am pretty sure there are more criteria. When the time comes, I will write about that.
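
The two criteria above written as an offline check, as an added example that is not the author's code nor a Kamailio or FreeSWITCH configuration. The function names (`check_invite`, `is_ip`) are hypothetical and the sample INVITE is constructed with documentation addresses.

```python
import ipaddress
import re

# Headers the page names, with their RFC 3261 compact forms.
URI_HEADERS = {"from": "From", "f": "From", "to": "To", "t": "To",
               "contact": "Contact", "m": "Contact"}
URI_HOST = re.compile(r"sips?:(?:[^@>\s;]*@)?(\[[^\]]+\]|[^:;>\s?]+)", re.I)

def is_ip(host):
    """True if host is an IPv4/IPv6 literal rather than a domain name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def check_invite(raw):
    """Return the policy violations found in one SIP INVITE (empty = pass)."""
    head, _, sdp = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, _, rest = lines[0].partition(" ")
    targets = [("Request-URI", rest)] if method == "INVITE" else []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        label = URI_HEADERS.get(name.strip().lower())
        if label:
            targets.append((label, value))
    found = []
    for label, value in targets:
        m = URI_HOST.search(value)
        if m and is_ip(m.group(1)):
            found.append(f"{label}: IP literal {m.group(1)} instead of FQDN")
    for line in sdp.split("\n"):
        # o=<user> <id> <ver> IN IP4 <addr>   /   c=IN IP4 <addr>
        if line[:2] in ("o=", "c=") and line.split()[-1] == "0.0.0.0":
            found.append(f"SDP {line[0]}= line points to 0.0.0.0")
    return found

# Constructed sample of a scanner-style INVITE (documentation addresses).
SCAN = ("INVITE sip:100@203.0.113.5 SIP/2.0\r\n"
        "From: <sip:100@198.51.100.7>;tag=1\r\n"
        "To: <sip:100@203.0.113.5>\r\n"
        "Contact: <sip:100@198.51.100.7:5060>\r\n"
        "Content-Type: application/sdp\r\n\r\n"
        "v=0\r\no=- 1 1 IN IP4 0.0.0.0\r\ns=-\r\nc=IN IP4 0.0.0.0\r\n")

if __name__ == "__main__":
    for problem in check_invite(SCAN):
        print(problem)
```

An empty list means the message passes both criteria; a proxy applying the same rules would reject the request whenever the list is non-empty.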

Good luck!
