FOOD FOR THOUGHT How to hide info from scanners

turalo

Member
Joined
Oct 10, 2013
Messages
75
Reaction score
1
Hi guys,

I wonder, is there a way to hide all information from scanners?
For example, if criminals are scanning my network with SIPVicious tools etc., they get a response from my server that shows that it is Asterisk, the version, etc.
So, is there a way that I can mask / hide this, so that when they scan it there is something else?

Also the function: alwaysauthreject=yes

I don't have it in my sip.conf, and also don't have it in sip_custom,

but still, when I scan my server, my server does not show any extension numbers etc.
So basically I'm happy that it's not showing extra info; I just want to know why the alwaysauthreject option is nowhere in those files.
I'm using an older version, 1.4, of Asterisk, which I'm planning to remove.

Thanks in advance.
 

jeff.h

Guru
Joined
Dec 1, 2010
Messages
502
Reaction score
71
Wouldn't using IP Tables and whitelisting only the IPs you want through solve that?
 

turalo

Member
Joined
Oct 10, 2013
Messages
75
Reaction score
1
No, it wouldn't. Because I have mobile users on it, it means they can and do change IP addresses, so it would be impossible to keep up :)
 

turalo

Member
Joined
Oct 10, 2013
Messages
75
Reaction score
1
I don't know. I have to admit that I have never been able to completely understand Travelin' Man; I need to focus on it and try to get it into my brain :( I'm going to read it now, to see if it's the solution to my problem.
I have different types of users on my system. Most of them are stable users with home or office VoIP phones, so the IP mostly stays the same, but some of them have softphones on laptops or on mobile phones, so they are not always online; they could just start a softphone, make a call and turn it off. Next time the 4G or 3G modem will connect to the provider and get a new IP, a call will be made, and then it will be turned off.
 

jroper

Guru
Joined
Oct 20, 2007
Messages
3,832
Reaction score
71
Hi

In iptables, you could add the following rule,

Code:
iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm

Most users of SIPVicious don't change the "Friendly Scanner" which is presented in the SIP message. This rule blocks virtually all SIPVicious scanning attacks.

Joe
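
The iptables rule above searches the whole UDP payload for the string, not only the User-Agent header. The following is an added example, not code from the thread: it emulates that match on constructed SIP messages and compares it with a check limited to the User-Agent header. The addresses, the `ExamplePhone` client name and all function names are assumptions made up for the illustration.

```python
# Added example: emulate the iptables string match on constructed SIP packets.
SIGNATURE = b"friendly-scanner"  # string taken from the rule in the post above

def raw_match(packet: bytes) -> bool:
    """What `-m string --string ... --algo bm` does: a case-sensitive
    byte search over the whole packet, headers and body alike."""
    return SIGNATURE in packet

def user_agent(packet: bytes) -> str:
    """Return the User-Agent header value, or '' if the header is absent."""
    head = packet.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"user-agent":
            return value.strip().decode("latin-1")
    return ""

def header_match(packet: bytes) -> bool:
    """Header-aware check: the signature must be in the User-Agent value."""
    return SIGNATURE.decode() in user_agent(packet).lower()

def sip(method: str, ua: str, body: bytes = b"") -> bytes:
    """Build a constructed SIP request (documentation addresses only)."""
    lines = [
        f"{method} sip:100@192.0.2.10 SIP/2.0",
        "Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK-1",
        "From: <sip:100@192.0.2.10>;tag=1",
        "To: <sip:100@192.0.2.10>",
        "Call-ID: constructed-1",
        f"CSeq: 1 {method}",
        f"User-Agent: {ua}",
        f"Content-Length: {len(body)}",
    ]
    return "\r\n".join(lines).encode() + b"\r\n\r\n" + body

# Constructed samples: a scan probe, a normal softphone, and a legitimate
# text message whose body happens to mention the scanner name.
SAMPLES = {
    "scan": sip("OPTIONS", "friendly-scanner"),
    "softphone": sip("REGISTER", "ExamplePhone 1.0"),
    "chat": sip("MESSAGE", "ExamplePhone 1.0", b"log shows friendly-scanner hits"),
}

def classify(samples=SAMPLES):
    """Map sample name -> (iptables-style match, User-Agent-only match)."""
    return {name: (raw_match(p), header_match(p)) for name, p in samples.items()}

if __name__ == "__main__":
    for name, (raw, hdr) in classify().items():
        print(f"{name:10} iptables-style={raw!s:5} user-agent-only={hdr}")
```

The `chat` sample shows the side effect of a whole-packet match: a legitimate message is dropped because its body contains the string.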
 

turalo

Member
Joined
Oct 10, 2013
Messages
75
Reaction score
1
Isn't that kinda what Travelin' Man does?


Huckda, I have been reading Travelin' Man, focused this time, and completely understood the idea and the techniques of it. Now I understand why I did not use it: it was not that I did not understand it, the problem was that it's not suitable for my situation.
The type of customers that I have are not the type that will be able to follow all the steps, although there are just 2 steps :D but still. In these harsh times for all VoIP service providers, this will only make my service complicated.
It's already complicated for some people to start a separate app to be able to call. People are too spoiled; they expect everything to work right out of the box, and they do not want to go through 1-2 steps to be able to call.
Especially when there is competition that sells the same services but without the extra steps.

So to reply to your suggestion: yes, Travelin' Man travels :) , no, it does not solve my problem.
There must be some other way to lock down the server and still be able to use it for mobile users. VPN is also a problem, because of compatibility and extra steps.

Any other idea is much, much appreciated.
 

turalo

Member
Joined
Oct 10, 2013
Messages
75
Reaction score
1
Thanks for this, I will use this, but I think this one would not last long :)
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
There's also PortKnocker and Travelin' Man 4 for remote users now. Visit Nerd Vittles for details.
 

turalo

Member
Joined
Oct 10, 2013
Messages
75
Reaction score
1
Travelin' Man 4 needs even more interaction by the user.

Travelin' Man 3 is, in comparison, much easier.
 
