I have an iPBX 13 hosted locally. My staff noted this week they get a call listed as SIPvicious. I searched about this and it looks like this is a SIP scanner. It does not show on the CDR reports. What is your advice to find it and stop it?
Thank you, I really appreciate it. I installed IncrediblePBX 13 following Ward's instructions. When I set it up I used ./add-fqdn to whitelist my specific servers for VOIP.MS and Vitelity.
Add this to your IPtables:
#drop sipvicious attacks
-I INPUT -j DROP -p udp --dport 5060 -m string --string "friendly-scanner" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "sundayddr" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "sipsak" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "sipvicious" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "iWar" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "sip-scan" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "sipcli" --algo bm
-I INPUT -j DROP -p udp --dport 5060 -m string --string "pplsip" --algo bm
# End sip attacks
But also be sure to use a whitelist and hopefully allow registrations from FQDN only.
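For the "find it" half of the question, an added example (not part of the original posts): a small Python triage that reads SIP payloads, extracts the User-Agent header, and tallies which source addresses match the signatures from the rules above. The sample packets and addresses are constructed, and checking only the User-Agent header case-insensitively is a choice made here; the iptables string match looks at the whole packet.

```python
import re

# Signatures taken from the iptables rules in the post above.
SIGNATURES = ["friendly-scanner", "VaxSIPUserAgent", "sundayddr", "sipsak",
              "sipvicious", "iWar", "sip-scan", "sipcli", "pplsip"]

# SIP header names are case-insensitive, so match "User-Agent" that way.
UA_RE = re.compile(rb"^User-Agent[ \t]*:[ \t]*(.*?)[ \t]*\r?$", re.I | re.M)

def user_agent(payload: bytes) -> str:
    """Return the User-Agent header value of a SIP message, or ''."""
    head = payload.split(b"\r\n\r\n", 1)[0]  # headers only, skip any body
    m = UA_RE.search(head)
    return m.group(1).decode("latin-1") if m else ""

def match_signature(payload: bytes):
    """Return the first listed signature found in the User-Agent, else None."""
    ua = user_agent(payload).lower()
    return next((s for s in SIGNATURES if s.lower() in ua), None)

def triage(packets):
    """packets: iterable of (src_ip, payload) -> {src_ip: {signature: count}}."""
    hits = {}
    for src, payload in packets:
        sig = match_signature(payload)
        if sig:
            per_src = hits.setdefault(src, {})
            per_src[sig] = per_src.get(sig, 0) + 1
    return hits

def sip(method, ua):
    """Build a constructed SIP request for the sample data below."""
    return (f"{method} sip:100@192.0.2.10 SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 0.0.0.0:5060\r\n"
            f"User-Agent: {ua}\r\n"
            f"Content-Length: 0\r\n\r\n").encode()

# Constructed sample traffic (documentation address ranges, made-up agents).
SAMPLE = [
    ("203.0.113.5", sip("OPTIONS", "friendly-scanner")),
    ("203.0.113.5", sip("REGISTER", "friendly-scanner")),
    ("198.51.100.7", sip("INVITE", "sipcli/1.0")),
    ("192.0.2.20", sip("REGISTER", "Example Softphone 1.0")),
]

if __name__ == "__main__":
    for src, sigs in triage(SAMPLE).items():
        print(src, sigs)
```

Sources that show up here but are not your trunk providers are the ones the whitelist should be keeping out.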