1. 24
  1. 1

    Apparently this friendly-scanner thing is pretty well known: https://blog.kolmisoft.com/sip-attack-friendly-scanner/

    At least it’s cheerful!

    1. 3

      Yeah, spin up a SIP server on any public cloud instance and within minutes you’ll start seeing your neighborhood friendly-scanners hitting your server.

    2. 1

      That is awesome that the author resolved the issue with just a simple script. Very clever. There are known SIP user-agents that should just be blocked outright since no honest actor is using them. There is also Kamailio’s anti-flood machanisms to help protect your SIP network.

      Or if you know JavaScript you can us Drachtio to quickly write something to block whatever you need.

      1. 2

        Wow, thanks for linking Drachtio (link is broken but I looked it up). Seems awesome.

        Where I used to work we had a list of about 16 user agents that were just instantly dropped, lol.

        1. 1

          Fixed the link. Yeah, it’s really cool and fun to work with. Getting to do SIP directly in a programming language is nice. All the SIP server configs get cumbersome. The creator has a lot of good example projects on his github. If you need any help feel free to message me.