Re: SIP dictionary attacks

[Lord Sporkton <lordsporkton () gmail com>]

Umm....what?

Once the sip is connected it will stay up and connected. If a sip
phone is connecting back to the sip server more than 5 times in 5
minutes you have some serious issues going on.

2009/4/2 Paul D. Robertson <paul () compuwar net>:
> On Thu, 2 Apr 2009, Lord Sporkton wrote:
>
> > I'm using openbsd as my firewall, in which there is a connection/time
> > feature. I can set it to block any ip that makes X connection with in
> > X time. for instance if someone connects to my ssh port more than 3
> > times in 30 seconds, they get blocked, since your on sip, you could do
> > like say, anyone connecting more than 5 times in 5 minutes gets
> > blocked, sip usually doesnt have that many connections, it just
> > connects then its up sorta thing.
>
> That would DoS attack any external SIP phones, especially soft phones or
> those on dynamically assigned addresses from typical "home" internet
> providers."
>
> > I believe there is a version of this in iptables, but ive never seen
> > it in a hardware firewall.
> >
> > That is at least how i solved the problem you face.
>
> That doesn't solve the problem any better than pure IP address space
> restrictions and sometimes makes it worse.
>
> Paul
> -----------------------------------------------------------------------------
> Paul D. Robertson      "My statements in this message are personal opinions
> paul () compuwar net       which may have no basis whatsoever in fact."
>           Moderator: Firewall-Wizards mailing list
>           Art: http://PaulDRobertson.imagekind.com/
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards