Difference between revisions of "Blocking SIP Scanners"
From Kolmisoft Wiki
Revision as of 09:25, 16 September 2020
About
To increase security, MOR/M2 installs additional iptables rules that block common SIP scanners and attack tools based on their User-Agent string.
Usage
Iptables rules are automatically installed on MOR (starting from X16) and M2 switches. The configuration is set in the /etc/mor/system.conf file. The default configuration looks like this:
block_scanners_active = 1
block_scanners_list = friendly-scanner, sundayddr, sipsak, sipvicious, iWar, sipcli, VaxSIPUserAgent
By default, MOR/M2 will block the scanners listed in block_scanners_list. You can remove or add scanners in this list, and the script automatically adjusts the iptables rules based on the current configuration (the script checks the configuration every 15 minutes).
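The following dry-run sketch shows how a block list in this format can be turned into iptables rules. It is an added example, not the MOR/M2 script, whose actual rules are not shown on this page. It assumes the iptables string match on UDP port 5060, and the function names sample_conf, conf_get and gen_rules are hypothetical. It only prints commands and applies nothing.

```shell
#!/usr/bin/env bash
# Dry run: print iptables commands for a User-Agent block list; nothing is applied.
# Constructed sample config, using the same keys as the default configuration.
sample_conf() {
cat <<'EOF'
block_scanners_active = 1
block_scanners_list = friendly-scanner, sundayddr, sipsak, sipvicious, iWar, sipcli, VaxSIPUserAgent
EOF
}

# conf_get KEY: read a config on stdin, print the trimmed value of KEY (last one wins).
conf_get() {
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | sed 's/[[:space:]]*$//' | tail -n 1
}

# gen_rules CHAIN: read a config on stdin, print one iptables command per line.
gen_rules() {
  local chain=$1 conf active list ua
  conf=$(cat)
  active=$(printf '%s\n' "$conf" | conf_get block_scanners_active)
  [ "$active" = "1" ] || return 0        # blocking disabled: emit no rules
  list=$(printf '%s\n' "$conf" | conf_get block_scanners_list)
  echo "iptables -N $chain"
  echo "iptables -I INPUT -j $chain"
  # Split on commas; read -r trims the surrounding whitespace of each entry.
  printf '%s\n' "$list" | tr ',' '\n' | while read -r ua; do
    [ -n "$ua" ] || continue
    # Accept only plain token characters so a config value cannot inject syntax.
    case $ua in *[!A-Za-z0-9._-]*) echo "# skipped invalid entry"; continue ;; esac
    # Assumption: case-sensitive match of the name anywhere in packets to UDP 5060.
    echo "iptables -A $chain -p udp --dport 5060 -m string --string \"$ua\" --algo bm -j DROP"
  done
}

# Show the rules for the constructed sample config.
sample_conf | gen_rules MOR-BLOCK-SCANNERS
```

Comparing this output with `iptables -S MOR-BLOCK-SCANNERS` on a live system is one way to confirm that the installed rules reflect the current list.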
How to disable
If you want to completely disable the script and remove the iptables rules, use these commands:
MOR:
sed -i 's#block_scanners_active\s*=\s*1#block_scanners_active = 0#' /etc/mor/system.conf
iptables -F MOR-BLOCK-SCANNERS
iptables -D INPUT -j MOR-BLOCK-SCANNERS
iptables -X MOR-BLOCK-SCANNERS
M2:
sed -i 's#block_scanners_active\s*=\s*1#block_scanners_active = 0#' /etc/m2/system.conf
iptables -F M2-BLOCK-SCANNERS
iptables -D INPUT -j M2-BLOCK-SCANNERS
iptables -X M2-BLOCK-SCANNERS