Displaying 1 result from an estimated 1 matches for "vaxsipuseragent".
2014 Jun 27
4
Attack on Sip server.
...tect the IP address.
I used wireshark to capture the packets.
Although I am using very strong password for my SIP users but still is
there any way to drop these packets and stop this attack.
I tried dropping packet after matching some string (most of the packets
from attacker contains string 'VaxSIPUserAgent/3.1' ) but it failed.
Packets are still flowing in.
iptables -I INPUT 1 -p tcp --dport 5060 -m string --string
"VaxSIPUserAgent" --algo bm -j DROP
?Its something like this
Registration from '"30" <sp:30 at my_public_ip:5060> failed for
'192.168.xxx.xxx:6373...