[App_rpt-users] Bogus SIP registrations
telesistant at hotmail.com
Sun Jun 23 17:52:54 EDT 2013
Change your SIP port to something completely weird and non-standard
(from 5060). You'll likely never hear from whoever it is again.
Sometimes "security by obscurity" really *does* effectively function.
> Date: Sun, 23 Jun 2013 13:57:40 -0600
> From: kb0kzr at matthouse.com
> To: app_rpt-users at ohnosec.org
> Subject: [App_rpt-users] Bogus SIP registrations
> While diagnosing another problem (which I will post about in a little bit
> if I can't get it figured out, but I wanted to keep separate threads
> separate) -- suddenly somebody started sending me a ton of bogus SIP
> registrations. The source-IP is 188.8.131.52 for whatever that may be
> worth. I thought about firewalling it, but I don't think SIP is required
> at all for app_rpt to work? So I disabled chan_sip entirely in
> Just throwing it out there as something to consider for other app_rpt
> nodes... I don't know of any security flaws in chan_sip, but I figured
> since it isn't being used there's no reason to run it.
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the App_rpt-users