
On 05/18/2011 01:34 PM, Mark R Lindsey wrote:
> Cool use of iptables. There's definitely short-term tactical value in taking advantage of the signature "friend-scanner"
It really is limited. Packet payload inspection is orders of magnitude slower than the evaluation of most firewall rules, which operate solely on network and transport layer headers, and utilise the hash & tree structures with which the netfilter is extensively optimised. That is why constraining that check to the SIP service port--as opposed to all inbound packets, or all inbound UDP--is quite important. Still, for a lonely PBX it's a decent short-term way to deal with SIPvicious.
> -- It's just a matter of time before they remove the string "friendly-scanner" from their SIP messages.
Absolutely true.

--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
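An added illustration of the two points in this exchange, not part of the original e-mail: a small model of the filter that tests the cheap header fields before scanning the payload, and shows what the string match does once the User-Agent no longer carries the signature. The port number 5060, the `Packet` type, the helper names and all sample packets are assumptions constructed for the example.

```python
from dataclasses import dataclass

SIP_PORT = 5060                  # assumed; the thread only says "the SIP service port"
SIGNATURE = b"friendly-scanner"  # User-Agent string quoted in the thread


@dataclass
class Packet:
    proto: str
    dport: int
    payload: bytes


def classify(packets, scope_to_sip=True):
    """Return (verdicts, payload_scans).

    Header tests are cheap; the payload scan is the expensive step, so the
    count of scans is what scoping the rule to the SIP port saves.
    """
    verdicts, scans = [], 0
    for p in packets:
        if scope_to_sip and not (p.proto == "udp" and p.dport == SIP_PORT):
            verdicts.append("ACCEPT")  # decided on headers alone, payload untouched
            continue
        scans += 1
        verdicts.append("DROP" if SIGNATURE in p.payload else "ACCEPT")
    return verdicts, scans


def sip_options(user_agent):
    """Build a minimal constructed SIP OPTIONS request with the given User-Agent."""
    return (f"OPTIONS sip:100@192.0.2.10 SIP/2.0\r\n"
            f"User-Agent: {user_agent}\r\n\r\n").encode()


# Constructed sample traffic (documentation address, made-up agents).
SAMPLE = [
    Packet("tcp", 443, b"\x16\x03\x01"),
    Packet("udp", 53, b"dns query"),
    Packet("udp", SIP_PORT, sip_options("friendly-scanner")),
    Packet("udp", SIP_PORT, sip_options("ExamplePhone/1.0")),
    # A scan that no longer sends the string is indistinguishable from a phone.
    Packet("udp", SIP_PORT, sip_options("other-agent")),
]

if __name__ == "__main__":
    for scoped in (True, False):
        verdicts, scans = classify(SAMPLE, scope_to_sip=scoped)
        print(f"scoped={scoped}: payload scans={scans}, verdicts={verdicts}")
```
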