Blocking SIP Scanners
From Kolmisoft Wiki
Jump to navigationJump to search
About
To increase security MOR/M2 install additional iptables rules which block common SIP scanners and attack tools based on User-Agent string.
Usage
Iptables rules are automatically installed on MOR (starting from X16) and M2 switches. The configuration is set in /etc/mor/system.conf file. Default configuration looks like this:
block_scanners_active = 1 block_scanners_list = friendly-scanner, sundayddr, sipsak, sipvicious, iWar, sipcli, VaxSIPUserAgent
By default, MOR/M2 will block scanners listed in block_scanners_list. You can remove or add scanners in this list and the script automatically adjusts (script check configuration every 15 minutes) iptables rules base on the current configuration.
How to disable
If you want completely disable script and remove iptables rules, use these commands:
MOR:
sed -i 's#block_scanners_active\s*=\s*1#block_scanners_active = 0#' /etc/mor/system.conf iptables -FMOR-BLOCK-SCANNERS iptables -D INPUT -j MOR-BLOCK-SCANNERS iptables -XMOR-BLOCK-SCANNERS
M2:
sed -i 's#block_scanners_active\s*=\s*1#block_scanners_active = 0#' /etc/m2/system.conf iptables -FM2-BLOCK-SCANNERS iptables -D INPUT -j M2-BLOCK-SCANNERS iptables -XM2-BLOCK-SCANNERS