snuyzm Brekeke Talented
Joined: 11 Feb 2015 Posts: 97
Posted: Wed Feb 11, 2015 10:18 pm Post subject: Shodan may find your SIP server
1. Brekeke Product Name and Version: ANY
It seems Shodan (http://www.shodan.io/) uses Nmap (http://nmap.org/) to search for SIP servers.
If you are using Brekeke SIP Server version 3.0 or later, use this dialplan to hide your server.
Matching Patterns:
$request = ^OPTIONS
From = sip:nm@nm
To = sip:nm2@nm2
Call-ID = 50000
Deploy Patterns:
$action = block
mbylica Brekeke Addict
Joined: 16 May 2011 Posts: 41
Location: Poland
Posted: Tue Feb 17, 2015 6:25 am
How do you know that it should block the request?
Do you have an example OPTIONS message to take a look at?
Are the From/To/Call-ID headers always the same?
Thanks.
snuyzm Brekeke Talented
Joined: 11 Feb 2015 Posts: 97
Posted: Tue Feb 17, 2015 11:12 am
nmap's OPTIONS packet:
Code:
OPTIONS sip:nm SIP/2.0
Via: SIP/2.0/TCP nm;branch=foo
From: <sip:nm@nm>;tag=root
To: <sip:nm2@nm2>
Call-ID: 50000
CSeq: 42 OPTIONS
Max-Forwards: 70
Content-Length: 0
Contact: <sip:nm@nm>
Accept: application/sdp
Source
Code:
local sipprobe = "OPTIONS sip:nm SIP/2.0\r\nVia: SIP/2.0/UDP nm;branch=foo;rport\r\nFrom: <sip:nm@nm>;tag=root\r\nTo: <sip:nm2@nm2>\r\nCall-ID: 50000\r\nCSeq: 42 OPTIONS\r\nMax-Forwards: 70\r\nContent-Length: 0\r\nContact: <sip:nm@nm>\r\nAccept: application/sdp\r\n\r\n"
https://github.com/mcmasterathl/scan-tools/blob/master/nse/banner-plus.nse