isn-discuss - Re: [isn-discuss] anybody use ITAD
Subject: Discussion List for Freenum/ITAD Subscriber Number (ISN) Project
List archive
- From: Christan <>
- To: "" <>, John Covert <>
- Cc: "" <>
- Subject: Re: [isn-discuss] anybody use ITAD
- Date: Tue, 5 Sep 2017 21:07:15 +0000 (UTC)
- Ironport-phdr: 9a23:pZE8EBLwUWqveIlxOdmcpTZWNBhigK39O0sv0rFitYgfKv3xwZ3uMQTl6Ol3ixeRBMOAuqIC07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9ZDeZwZFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QKsqUjq+8ahkVB7oiD8GNzEn9mHXltdwh79frB64uhBz35LYbISTOfFjfK3SYMkaSHJPUMhRTSxPHICyYIkBD+QcMulXs47zqkAUoheiHwSjH/nixiNKi3LwwKY00/4hEQbD3AE4Ad8OsG7UrNTuNKcOS++1yrTDwDLZYP9I3Df855PFcxA7rvGMWrJwdtDdxlUoFwPAlFmQrIPkMiqT2+8QvWab6O9gWviui24hswxxoDivydsoionOgYIV0UrI+jl+wIYwI9CzVU11Yca8HZZRtiyWLZZ6T8IsTm1ypSo3yb0LtYS1cSUFzpks2gTRZOadc4eS5xLuTOaRLil8hHJiYL+/nBGy8U6hyuLgWMS4zVhHojNYntXRrHwCyxvT6s6cSvt45EetwzOP2BrS6uFAO0w0k7TUJ4M7zr8wjJUTsUPDHijslErqi6+Wc10o+umu6+v5frXrvp6ROo5uhg3jM6kjlNazDfk7PwUORWSW9+ux2KXm/ULjQbVKivM2krPesJDfPckUvLC1Awpa04s46xewFTem0NMfnXUdMF1FfxeHg5LsO1DBOPz4F+uwg0ywkDd3wPDLJrzhAo7LLnTajbjhfK195FJByAoo1tBS/JZUCrAaIPLvQU/9qsbUDh4/Mwyo3ennEtN92Z0CWW6RGKOWLr7dsULbrt4odqONf4lQtDfmIOU+/Nbgl3I0n0IYO66z0tFfPHGjGLFqIl6SfGH3qtkbHGoMow94S/bl3hnKczlTYT6ZWLwx/C1zXImhE4rZWqimh6KMxjv9GYdZMDN8B0iIAEvvIq6EQfYXdCuUaptoyDkUfamoS4gmkxqpsUn/2+w0APDT/3gztYjiz8R84aWHnEs35RRlBsSa1CeGSGQym3NeFGx+57x2vUEokgTL6qN/mfENUIULv/4=
Thanks to everyone.
I will try to implement and testing, i'm from Guatemala, I'll make a signature with Snort and Kamailio, maybe first month use an Asterisk out of production and see how the attackers try to gain access in the system and tune Snort.
El Martes, 5 de septiembre, 2017 11:58:11, James Cloos <> escribió:
>>>>> "JC" == John Covert <> writes:
JC> If you firewall SIP from all but a few whitelisted addresses, then
JC> there is no point at all to ISN dialing via an ITAD number which
JC> your employees put on their business cards, is there?
The pbx firewalls. The sip proxy is in the whitelist and blocks
attacks.
For example, if you dial 8463*368 the naptr converts that to
sip:8463* which a SRV sends to gate.jhcloos.com.
Gate looks at the INVITEd URI, recognizes 8463* as
legitimate and passes it on to an asterisk, which reports the current
UTC time.
If you want to accept general sip calls you need to avoid the constant
attacks. Sip proxies like kamailio do a significantly better job of
that than pbxes like asterisk. If only because they are programable.
(My testing ISNs are listed at: http://jhcloos.com/sip-itad-isn/ )
-JimC
--
James Cloos <> OpenPGP: 0x997A9F17ED7DAEA6
JC> If you firewall SIP from all but a few whitelisted addresses, then
JC> there is no point at all to ISN dialing via an ITAD number which
JC> your employees put on their business cards, is there?
The pbx firewalls. The sip proxy is in the whitelist and blocks
attacks.
For example, if you dial 8463*368 the naptr converts that to
sip:8463* which a SRV sends to gate.jhcloos.com.
Gate looks at the INVITEd URI, recognizes 8463* as
legitimate and passes it on to an asterisk, which reports the current
UTC time.
If you want to accept general sip calls you need to avoid the constant
attacks. Sip proxies like kamailio do a significantly better job of
that than pbxes like asterisk. If only because they are programable.
(My testing ISNs are listed at: http://jhcloos.com/sip-itad-isn/ )
-JimC
--
James Cloos <
- [isn-discuss] anybody use ITAD, a2mx, 09/04/2017
- Re: [isn-discuss] anybody use ITAD, James Cloos, 09/04/2017
- Re: [isn-discuss] anybody use ITAD, John Covert, 09/04/2017
- Re: [isn-discuss] anybody use ITAD, Maxim Samo, 09/04/2017
- Re: [isn-discuss] anybody use ITAD, James Cloos, 09/05/2017
- Re: [isn-discuss] anybody use ITAD, Christan, 09/05/2017
- Re: [isn-discuss] anybody use ITAD, John Covert, 09/04/2017
- Re: [isn-discuss] anybody use ITAD, James Cloos, 09/04/2017
Archive powered by MHonArc 2.6.19.