Difference between revisions of "Blocking SIP Scanners"
From Kolmisoft Wiki
Jump to navigationJump to search
(Created page with '=About= To increase security MOR/M2 install additional iptables rules which block common SIP scanners and attack tools based on User-Agent string. <br><br> =Usage= Iptables rule…') |
|||
| (3 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
=About= | =About= | ||
To increase security MOR/ | To increase security MOR/M4, install additional iptables rules that block common SIP scanners and attack tools based on the User-Agent string. | ||
<br><br> | <br><br> | ||
| Line 7: | Line 7: | ||
block_scanners_active = 1 | block_scanners_active = 1 | ||
block_scanners_list = friendly-scanner, sundayddr, sipsak, sipvicious, iWar, sipcli, VaxSIPUserAgent | block_scanners_list = friendly-scanner, sundayddr, sipsak, sipvicious, iWar, sipcli, VaxSIPUserAgent, pplsip | ||
By default, MOR/M2 will block scanners listed in block_scanners_list. You can remove or add scanners in this list, and the script automatically adjusts (script checks configuration every 15 minutes) iptables rules based on the current configuration. You can also execute the script manually to apply changes ASAP: | |||
/usr/local/mor/mor_block_scanners.sh | |||
<br><br> | <br><br> | ||
=How to disable= | =How to disable= | ||
If you want completely disable script and remove iptables rules, use these commands: | If you want to completely disable the script and remove the iptables rules, use these commands: | ||
MOR: | MOR: | ||
sed -i 's#block_scanners_active\s*=\s*1#block_scanners_active = 0#' /etc/mor/system.conf | sed -i 's#block_scanners_active\s*=\s*1#block_scanners_active = 0#' /etc/mor/system.conf | ||
| Line 20: | Line 23: | ||
iptables -XMOR-BLOCK-SCANNERS | iptables -XMOR-BLOCK-SCANNERS | ||
M4: | |||
sed -i 's#block_scanners_active\s*=\s*1#block_scanners_active = 0#' /etc/m2/system.conf | sed -i 's#block_scanners_active\s*=\s*1#block_scanners_active = 0#' /etc/m2/system.conf | ||
iptables -FM2-BLOCK-SCANNERS | iptables -FM2-BLOCK-SCANNERS | ||
Latest revision as of 13:39, 20 February 2026
About
To increase security MOR/M4, install additional iptables rules that block common SIP scanners and attack tools based on the User-Agent string.
Usage
Iptables rules are automatically installed on MOR (starting from X16) and M2 switches. The configuration is set in /etc/mor/system.conf file. Default configuration looks like this:
block_scanners_active = 1 block_scanners_list = friendly-scanner, sundayddr, sipsak, sipvicious, iWar, sipcli, VaxSIPUserAgent, pplsip
By default, MOR/M2 will block scanners listed in block_scanners_list. You can remove or add scanners in this list, and the script automatically adjusts (script checks configuration every 15 minutes) iptables rules based on the current configuration. You can also execute the script manually to apply changes ASAP:
/usr/local/mor/mor_block_scanners.sh
How to disable
If you want to completely disable the script and remove the iptables rules, use these commands:
MOR:
sed -i 's#block_scanners_active\s*=\s*1#block_scanners_active = 0#' /etc/mor/system.conf iptables -FMOR-BLOCK-SCANNERS iptables -D INPUT -j MOR-BLOCK-SCANNERS iptables -XMOR-BLOCK-SCANNERS
M4:
sed -i 's#block_scanners_active\s*=\s*1#block_scanners_active = 0#' /etc/m2/system.conf iptables -FM2-BLOCK-SCANNERS iptables -D INPUT -j M2-BLOCK-SCANNERS iptables -XM2-BLOCK-SCANNERS
