SIP Registration Hack Attempt - How to guard against?*RSLVD*

Discuss any topic about Brekeke SIP Server.

Moderator: Brekeke Support Team

Post Reply
User avatar
KentC
Posts: 108
Joined: Fri Dec 09, 2011 2:27 pm
Location: rw-rw-rw-

SIP Registration Hack Attempt - How to guard against?*RSLVD*

Post by KentC »

1. Brekeke Product Name and version:
Brekeke Sip Server 2.x
2. Java version:
Jre 1.6
3. OS type and the version:
Centos 5.6
4. UA (phone), gateway or other hardware/software involved:
N/A
5. Select your network pattern from http://www.brekeke-sip.com/bbs/network/ ... terns.html :
Enterprise
6. Your problem:

Brekeke Community,

Crazy situation.. So we had a hack attempt this morning...The
HeartBeat kept failing on a production server we have traffic on due to a SIP registration hack attempt originating from China. It has been blocked.

My question is do to the ever-growing attempts/attacks like this, how could we better protect ourselves moving forward against hackers like this? I saw the heartbeat go down 3 times till this was found and issue fixed early this morning.

Please advise. Thank you.



Kent C.
Last edited by KentC on Tue Oct 02, 2012 3:08 pm, edited 1 time in total.
Top
hope
Posts: 862
Joined: Tue Jan 15, 2008 4:08 pm

Post by hope »

http://wiki.brekeke.com/wiki/Avoid-attacks
Top
tuie2
Posts: 57
Joined: Fri Jan 23, 2009 5:16 pm

Post by tuie2 »

Also you can set trusted IP addresses in the router.
If you are using unix-like OS (e.g. Linux), tune the iptables to define trusted IP addresses.

https://isc.sans.edu/port.html?port=5060
There are many attacks to the port-5060 everyday.
Top
User avatar
KentC
Posts: 108
Joined: Fri Dec 09, 2011 2:27 pm
Location: rw-rw-rw-

Post by KentC »

Thank you for all the advice! I will save for the future since I didn't have a gameplan when this happened.
Top
Post Reply

Return to “Brekeke SIP Server Forum”