linux
Igor, 2015-01-10 21:44:22

How to properly organize the protection of a SIP server?

Good day, dear users!
I am asking for help in solving this problem:
There is a VoIP server. The standard port 5060 is used for registration. For security reasons, requests to port 5060 from any address are blocked in the iptables rules, and the IP addresses that are allowed to register and, accordingly, make calls through this server are listed there. The addresses are public and static, and there aren't many of them, to be honest.
Now the trouble is that there are clients using dynamic IP addresses. Please advise: on what principle would it be "right" to organize access to the server for such clients?
1) Open access for all addresses - I would not want to
2) What if we create a rule in iptables that adds an IP if it persistently (a certain number of times, ~10) requests registration? Although it seems to me that this is the "wrong" kind of crutch?
3) Or is there no way around a VPN?
I will be glad for your help and correct guidance on how best to organize access for such clients.

3 answer(s)
Ergil Osin, 2015-01-10
@Ernillew

Regarding what you were thinking of in your second point:
www.opennet.ru/tips/info/2265.shtml
habrahabr.ru/post/194412
port knocking

tgz, 2015-01-11
@tgz

As an option:
1. Set up a separate SIP server on a separate IP and create a SIP account there with no access to anything
2. The subscriber registers there with a separate login and password
3. After that, add his IP to the whitelist on the working server.
With the whole zoo of client software and hardware, this method seems to me the most hassle-free.
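
One way to automate step 3 of the procedure above, as an added example that is not part of tgz's answer: it reads the registration log of the separate "gate" server and renders `ipset` commands that whitelist each successfully registered source IP on the working server, with a timeout so stale dynamic addresses age out. The log format, the `gate-*` account names and the `sip_allow` set name are assumptions made for this sketch.

```python
import ipaddress
import re

# Constructed log format for the hypothetical "gate" SIP server (not a real product's format).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) REGISTER user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)
GATE_ACCOUNTS = {"gate-alice", "gate-bob"}  # assumed gate-only logins with no call rights
SET_NAME = "sip_allow"                      # assumed ipset name on the working server
TTL_SECONDS = 3600                          # entry expires unless the client re-registers

# Constructed sample input (documentation address ranges).
SAMPLE_LOG = """\
2015-01-11T10:00:01 REGISTER user=gate-alice src=203.0.113.7 result=OK
2015-01-11T10:00:05 REGISTER user=admin src=198.51.100.23 result=AUTH_FAILED
2015-01-11T10:01:12 REGISTER user=gate-bob src=198.51.100.40 result=OK
2015-01-11T10:02:30 REGISTER user=gate-alice src=203.0.113.7 result=OK
2015-01-11T10:03:00 REGISTER user=gate-bob src=10.0.0.5;reboot result=OK
2015-01-11T10:03:09 REGISTER user=guest src=198.51.100.99 result=OK
"""

def allowed_sources(log_text):
    """Return source IPs, in first-seen order, that registered OK with a gate account."""
    seen = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "OK" or m["user"] not in GATE_ACCOUNTS:
            continue
        try:
            # Accept only a literal IP; anything else never reaches a shell command.
            ip = ipaddress.ip_address(m["src"])
        except ValueError:
            continue
        if ip.version == 4 and str(ip) not in seen:
            seen.append(str(ip))
    return seen

def ipset_commands(ips):
    """Render ipset commands; -exist refreshes the timeout of an entry already in the set."""
    return [f"ipset -exist add {SET_NAME} {ip} timeout {TTL_SECONDS}" for ip in ips]

if __name__ == "__main__":
    # One-time setup on the working server (shown here as comments, not executed):
    #   ipset create sip_allow hash:ip timeout 3600
    #   iptables -I INPUT -p udp --dport 5060 -m set --match-set sip_allow src -j ACCEPT
    for cmd in ipset_commands(allowed_sources(SAMPLE_LOG)):
        print(cmd)
```
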

3ton, 2015-01-13
@3ton

I think it would be more correct to first determine what hacking methods are used for SIP.
To tell the truth, I have not come across this, but like most other hacks, these are default values that were not changed to their own during installation and configuration. There are a lot of projects with SIP telephony and I don't think that they bind clients by IP.
