[App_rpt-users] Bogus SIP registrations

Jim Duuuude telesistant at hotmail.com
Sun Jun 23 17:52:54 EDT 2013

Change your SIP port to something completely weird and non-standard
(from 5060). You'll likely never hear from whoever it is again.

Sometimes "security by obscurity" really *does* effectively function.


> Date: Sun, 23 Jun 2013 13:57:40 -0600
> From: kb0kzr at matthouse.com
> To: app_rpt-users at ohnosec.org
> Subject: [App_rpt-users] Bogus SIP registrations
> All--
> While diagnosing another problem (which I will post about in a little bit
> if I can't get it figured out, but I wanted to keep separate threads
> separate) -- suddenly somebody started sending me a ton of bogus SIP
> registrations.  The source-IP is for whatever that may be
> worth.  I thought about firewalling it, but I don't think SIP is required
> at all for app_rpt to work?  So I disabled chan_sip entirely in
> modules.conf.
> Just throwing it out there as something to consider for other app_rpt
> nodes...  I don't know of any security flaws in chan_sip, but I figured
> since it isn't being used there's no reason to run it.
> -Matt-
> _______________________________________________
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.allstarlink.org/pipermail/app_rpt-users/attachments/20130623/9fd70d80/attachment.html>

More information about the App_rpt-users mailing list