UDP being stateless and connection-unaware as it is (unless you're using
TCP transport), there's not really a meaningful sense in which your
Asterisk "answers" as there is no initial dialogue or handshake. It
simply replies to messages on an atomic basis.
Thus, it is even more difficult than with TCP services to ascertain the
nature of an incoming message prior to its processing; about the only
thing that could accomplish this is a firewall with an ALG (Application
Layer Gateway) that is SIP aware and allows one to configure restrictions
based on deep packet inspection for valid SIP criteria, and I strongly
doubt such a thing exists.
I wouldn't worry about port scans, personally. If they are very
voluminous than you can simply make firewall restrictions as needed.
-- Alex
On Wed, 17 Oct 2007, Turbo Fredriksson wrote:
> Anything to do about portscans? Is there any way (should I) to see
> if the connection is a legit (only SIP currently) connection BEFORE
> my * answers?
>
>
> [2007-10-17 19:23:46] WARNING[4191]: chan_sip.c:6624
determine_firstline_parts: Bad request protocol 01@<ASTERISK_IP> SIP/2.0
> -- Executing [s at default:1]
Answer("SIP/sip.jmg.se-081dd730", "") in new stack
> [2007-10-17 19:23:46] WARNING[4191]: chan_sip.c:6624
determine_firstline_parts: Bad request protocol 01@<ASTERISK_IP> SIP/2.0
> [2007-10-17 19:23:56] WARNING[10123]: pbx.c:2505 __ast_pbx_run: Timeout,
but no rule 't' in context 'default'
>
> Last line already fixed by adding such a rule - just Hangup() for now...
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
--
Alex Balashov
Evariste Systems
Web : http://www.evaristesys.com/
Tel : +1-678-954-0670
Direct : +1-678-954-0671