[VoiceOps] Fraud fun
Alex Balashov
abalashov at evaristesys.com
Wed May 18 13:40:37 EDT 2011
On 05/18/2011 01:34 PM, Mark R Lindsey wrote:
> Cool use of iptables. There's definitely short-term tactical value in
> taking advantage of the signature "friend-scanner"
It really is limited. Packet payload inspection is orders of magnitude
slower than the evaluation of most firewall rules, which operate solely
on network and transport layer headers, and utilise the hash & tree
structures with which the netfilter is extensively optimised. That is
why constraining that check to the SIP service port--as opposed to all
inbound packets, or all inbound UDP--is quite important.
Still, for a lonely PBX it's a decent short-term way to deal with
SIPvicious.
> -- It's just a matter of time before they remove the string
> "friendly-scanner" from their SIP messages.
Absolutely true.
--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
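
A small model of the point made in the message above, added here as an illustration and not part of the original post or of netfilter itself: it compares a payload string search gated by header checks (UDP, destination port 5060) with one run on every inbound packet. The packet builder, sample traffic and function names are constructed for the example, and it assumes SIP on UDP port 5060.

```python
import struct

SIP_PORT = 5060                  # assumption: SIP on the standard UDP port
SIGNATURE = b"friendly-scanner"  # User-Agent string named in the thread
UDP, TCP = 17, 6

def packet(proto, dport, payload=b""):
    """Constructed IPv4 packet: 20-byte header, ports, payload (checksums zeroed)."""
    l4 = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    return ip + l4

def evaluate(pkt, scoped):
    """Return (verdict, payload_scanned) for one packet.
    scoped=True: cheap header checks (UDP, dport 5060) gate the string search.
    scoped=False: the string search runs on every inbound packet."""
    if scoped:
        ihl = (pkt[0] & 0x0F) * 4           # IP header length in bytes
        if pkt[9] != UDP:                   # protocol field
            return "ACCEPT", False
        if struct.unpack_from("!H", pkt, ihl + 2)[0] != SIP_PORT:
            return "ACCEPT", False
    return ("DROP" if SIGNATURE in pkt else "ACCEPT"), True

def run(packets, scoped):
    """Evaluate a list of packets; return (verdicts, number_of_payload_scans)."""
    results = [evaluate(p, scoped) for p in packets]
    return [v for v, _ in results], sum(s for _, s in results)

def sip(method, user_agent):
    """Minimal constructed SIP request carrying only a User-Agent header."""
    return (f"{method} sip:100@198.51.100.5 SIP/2.0\r\n"
            f"User-Agent: {user_agent}\r\n\r\n").encode()

# Constructed sample traffic, not captured from any real system.
SAMPLE = [
    packet(UDP, SIP_PORT, sip("OPTIONS", "friendly-scanner")),   # carries the signature
    packet(UDP, SIP_PORT, sip("REGISTER", "ExamplePhone/1.0")),  # ordinary endpoint
    packet(UDP, SIP_PORT, sip("OPTIONS", "ExampleUA/2.0")),      # no signature: not caught
    packet(UDP, 53, b"\x12\x34" + b"\x00" * 10),                 # DNS-like
    *[packet(UDP, 16384, b"\x80\x00" + b"\x00" * 158) for _ in range(3)],  # RTP-like
    packet(TCP, 22),                                             # non-UDP
]

if __name__ == "__main__":
    for scoped in (True, False):
        verdicts, scans = run(SAMPLE, scoped)
        print(f"scoped={scoped}: payload scans={scans}/{len(SAMPLE)} {verdicts}")
```

Both variants reach the same verdicts on this sample, but the port-scoped one searches the payload of only the three SIP packets, and neither catches the request whose User-Agent lacks the signature string.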