Blocking SIP Scanners
From Kolmisoft Wiki
About
To increase security, MOR/M4 installs additional iptables rules that block common SIP scanners and attack tools based on the User-Agent string.
Usage
Iptables rules are automatically installed on MOR (starting from X16) and M2 switches. The configuration is set in the /etc/mor/system.conf file. The default configuration looks like this:
block_scanners_active = 1
block_scanners_list = friendly-scanner, sundayddr, sipsak, sipvicious, iWar, sipcli, VaxSIPUserAgent, pplsip
By default, MOR/M2 blocks the scanners listed in block_scanners_list. You can add or remove scanners in this list; the script checks the configuration every 15 minutes and adjusts the iptables rules to match it. You can also execute the script manually to apply changes immediately:
/usr/local/mor/mor_block_scanners.sh
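A check an operator could run after editing block_scanners_list, as an added example that is not part of the Kolmisoft script or this wiki: it compares the list in system.conf with a saved `iptables -S` listing of the chain. It assumes each blocked name appears in the rules as an iptables string-match pattern; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Kolmisoft's script. Assumption: every blocked name appears
# as a string-match pattern (--string "name") in `iptables -S <chain>` output.

conf_value() {  # conf_value KEY FILE: last value assigned to KEY
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# Configured scanner names, one per line; nothing when blocking is disabled.
configured_scanners() {
    [ "$(conf_value block_scanners_active "$1" | tr -d '[:space:]')" = 1 ] || return 0
    conf_value block_scanners_list "$1" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -v '^$' | sort -u
}

# --string patterns present in a saved rule listing (names without spaces).
rule_patterns() {
    sed -n 's/.*--string "\{0,1\}\([^" ]*\)"\{0,1\}.*/\1/p' "$1" | sort -u
}

# Print MISSING (configured, no rule) and STALE (rule, not configured) names.
# Returns 0 when rules and configuration agree, 1 otherwise.
audit_scanner_rules() {
    want=$(mktemp); have=$(mktemp)
    configured_scanners "$1" > "$want"
    rule_patterns "$2" > "$have"
    report=$(comm -23 "$want" "$have" | sed 's/^/MISSING /'
             comm -13 "$want" "$have" | sed 's/^/STALE /')
    rm -f "$want" "$have"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: the page's default list, and a listing where the sipcli
# rule is absent and a rule for a made-up name "example-old-entry" is left over.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'block_scanners_active = 1' \
        'block_scanners_list = friendly-scanner, sundayddr, sipsak, sipvicious, iWar, sipcli, VaxSIPUserAgent, pplsip' > "$d/system.conf"
    for n in friendly-scanner sundayddr sipsak sipvicious iWar VaxSIPUserAgent pplsip example-old-entry; do
        printf '%s "%s" %s\n' '-A MOR-BLOCK-SCANNERS -m string --string' "$n" '--algo bm -j DROP'
    done > "$d/rules.txt"
    rc=0; audit_scanner_rules "$d/system.conf" "$d/rules.txt" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "rules differ from configuration"
```

To audit a live system, save the rules with `iptables -S MOR-BLOCK-SCANNERS > rules.txt` and pass that file as the second argument to `audit_scanner_rules`.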
How to disable
If you want to completely disable the script and remove the iptables rules, use these commands:
MOR:
sed -i 's#block_scanners_active\s*=\s*1#block_scanners_active = 0#' /etc/mor/system.conf
iptables -F MOR-BLOCK-SCANNERS
iptables -D INPUT -j MOR-BLOCK-SCANNERS
iptables -X MOR-BLOCK-SCANNERS
M4:
sed -i 's#block_scanners_active\s*=\s*1#block_scanners_active = 0#' /etc/m2/system.conf
iptables -F M2-BLOCK-SCANNERS
iptables -D INPUT -j M2-BLOCK-SCANNERS
iptables -X M2-BLOCK-SCANNERS