Summary:ASTERISK-17603: Block Agent friendly scanner
Reporter:Stefan Schmidt (schmidts)Labels:
Date Opened:2011-03-24 08:08:34Date Closed:2011-06-07 14:10:41
Versions:1.8.3 Frequency of
Description:its just an idea, cause i use this on a kamailio proxy. do you think it would be a good idea to block sip packets from agent "friendly scanner" AKA sipvicous.

most of the script kiddies out there even dont change the agent when using sipvicous and if we would silent add this to the source tree we could help users to be a little bit more secure.

i know this is just security by obscurity and thats why i opened a private issue instead of posting it directly to the dev list.

we can also add a sip option to disable the behavior of blocking packets but it should be on by default.


if you think this is a good idea, we should keep this private ;)
Comments:By: Leif Madsen (lmadsen) 2011-04-05 11:03:07

Personally I don't see any the developers looking to really spend any time on this. What I'd prefer to see would be some sort of method to block people based on criteria. Instead of the code having "friendly scanner" statically coded, you should be able to block calls based on defined criteria in a configuration file.

While that is significantly more work, giving the administrator control of what they want to block is the ideal, and can then be customized by the admin. We could supply a list of common things to block, but this approach you've brought up specifically doesn't really do anything for me.

By: Leif Madsen (lmadsen) 2011-04-05 11:05:18

Actually malcolmd reminded me of this:  https://wiki.asterisk.org/wiki/display/AST/SIP+Security+Events

That is really the solution to this problem. I'm going to close this issue in favour of pointing people to working towards getting the security events code moved forward.