Firewall Wizards mailing list archives

Re: SIP dictionary attacks


From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 2 Apr 2009 14:31:09 -0500 (EST)

On Thu, 2 Apr 2009, Lord Sporkton wrote:

> I'm using OpenBSD as my firewall, in which there is a connection/time
> feature. I can set it to block any IP that makes X connections within
> X time. For instance, if someone connects to my ssh port more than 3
> times in 30 seconds, they get blocked. Since you're on SIP, you could do
> like say, anyone connecting more than 5 times in 5 minutes gets
> blocked. SIP usually doesn't have that many connections, it just
> connects then it's up sorta thing.

That would DoS attack any external SIP phones, especially soft phones or
those on dynamically assigned addresses from typical "home" internet
providers.

> I believe there is a version of this in iptables, but I've never seen
> it in a hardware firewall.
>
> That is at least how I solved the problem you face.

That doesn't solve the problem any better than pure IP address space 
restrictions and sometimes makes it worse.  

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
           Moderator: Firewall-Wizards mailing list
           Art: http://PaulDRobertson.imagekind.com/
