Author |
Message |
KentC Brekeke Guru
Joined: 09 Dec 2011 Posts: 108
Location: rw-rw-rw-
|
Posted: Fri Sep 28, 2012 6:58 am Post subject: SIP Registration Hack Attempt - How to guard against?*RSLVD* |
|
|
1. Brekeke Product Name and version:
Brekeke Sip Server 2.x
2. Java version:
Jre 1.6
3. OS type and the version:
Centos 5.6
4. UA (phone), gateway or other hardware/software involved:
N/A
5. Select your network pattern from http://www.brekeke-sip.com/bbs/network/networkpatterns.html :
Enterprise
6. Your problem:
Brekeke Community,
Crazy situation.. So we had a hack attempt this morning...The
HeartBeat kept failing on a production server we have traffic on due to a SIP registration hack attempt originating from China. It has been blocked.
My question is do to the ever-growing attempts/attacks like this, how could we better protect ourselves moving forward against hackers like this? I saw the heartbeat go down 3 times till this was found and issue fixed early this morning.
Please advise. Thank you.
Kent C.
Last edited by KentC on Tue Oct 02, 2012 3:08 pm; edited 1 time in total |
|
Back to top |
|
hope Brekeke Master Guru
Joined: 15 Jan 2008 Posts: 862
|
|
Back to top |
|
tuie2 Brekeke Talented
Joined: 23 Jan 2009 Posts: 57
|
Posted: Fri Sep 28, 2012 9:50 am Post subject: |
|
|
Also you can set trusted IP addresses in the router.
If you are using unix-like OS (e.g. Linux), tune the iptables to define trusted IP addresses.
https://isc.sans.edu/port.html?port=5060
There are many attacks to the port-5060 everyday. |
|
Back to top |
|
KentC Brekeke Guru
Joined: 09 Dec 2011 Posts: 108
Location: rw-rw-rw-
|
Posted: Tue Oct 02, 2012 3:07 pm Post subject: |
|
|
Thank you for all the advice! I will save for the future since I didn't have a gameplan when this happened. |
|
Back to top |
|
|