[VoiceOps] Fraud fun

Alex Balashov abalashov at evaristesys.com
Wed May 18 13:40:37 EDT 2011


On 05/18/2011 01:34 PM, Mark R Lindsey wrote:

> Cool use if iptables. There's definitely short-term tactical value in
> taking advantage of the signature "friend-scanner"

It really is limited.  Packet payload inspection is orders of magnitude 
slower than the evaluation of most firewall rules, which operate solely 
on network and transport layer headers, and utilise the hash & tree 
structures with which the netfilter is extensively optimised.  That is 
why constraining that check to the SIP service port--as opposed to all 
inbound packets, or all inbound UDP--is quite important.

Still, for a lonely PBX it's a decent short-term way to deal with 
SIPvicious.

> -- It's just a matter of time before they remove the string
> "friendly-scanner" from their SIP messages.

Absolutely true.

-- 
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/


More information about the VoiceOps mailing list