Answer the question
In order to leave comments, you need to log in
How to properly organize the protection of a sip server?
Good day, dear users!
I ask for help in solving this problem:
There is a voip-server. For registration, the standard port 5060 is used. For security reasons, requests to port 5060 from any address were prohibited in the iptables rules. And also those ip-addresses are registered, who are allowed to register and, accordingly, call through the data server. Addresses are public and static, and there aren't many of them, to be honest.
Now the trouble is that there are clients using dynamic ip addresses. Prompt please, by what principle would it be "right" to organize access to the server for such clients?
1) Open access for all addresses - I would not want to
2) What if we create a rule in iptables that adds an IP if it persistently (a certain number of ~10 times) requests registration? Although it seems to me that this is the "wrong" crutch?
3) Or is there nowhere without a VPN?
I will be glad for your help and correct instructions on how best to organize access for such clients.
Answer the question
In order to leave comments, you need to log in
According to what you thought about the second paragraph
www.opennet.ru/tips/info/2265.shtml
habrahabr.ru/post/194412
port knocking
As an option:
1. make a separate sip server on a separate ip and create a sip account there without access to anywhere
2. The subscriber registers there with a separate login-password
3. After that, add his ip to the working server in the white list.
With all the zoo of client software and hardware, this method seems to me the most hemorrhoid-free.
I think it would be more correct to first determine what hacking methods are used for SIP.
To tell the truth, I have not come across this, but like most other hacks, these are default values \u200b\u200bthat were not changed to their own during installation and configuration. There are a lot of projects with SIP telephony and I don’t think that they bind clients by IP.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question