Stopping kiddy scripts to hit your VoIP server

Internet has many programs to try free calls. SIPCLI, a command line SIP agent. It is used for many things, including auditing and looking for misconfigured SIP servers.

The following IPTables rules will let you to prevent these attacks:

iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "sipcli/" --algo bm
iptables -I INPUT -j DROP -p tcp --dport 5060 -m string --string "sipcli/" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "sipcli/" --algo bm
iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "sipcli/" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm
iptables -I INPUT -j DROP -p tcp --dport 5060 -m string --string "friendly-scanner" --algo bm
iptables -I INPUT -j DROP -p tcp --dport 5080 -m string --string "friendly-scanner" --algo bm
iptables -I INPUT -j DROP -p udp --dport 5080 -m string --string "friendly-scanner" --algo bm

These rules will drop connection of any packet with the frendly-scanner or sipcli/ string within. Please note that this solution is not absolute, but they are a good start to protect yourself.