[asterisk-users] Portscans and Asterisk

Alex Balashov abalashov at evaristesys.com
Wed Oct 17 16:13:53 CDT 2007


UDP being stateless and connection-unaware as it is (unless you're using 
TCP transport), there's not really a meaningful sense in which your
Asterisk "answers" as there is no initial dialogue or handshake.  It 
simply replies to messages on an atomic basis.

Thus, it is even more difficult than with TCP services to ascertain the 
nature of an incoming message prior to its processing;  about the only 
thing that could accomplish this is a firewall with an ALG (Application 
Layer Gateway) that is SIP aware and allows one to configure restrictions 
based on deep packet inspection for valid SIP criteria, and I strongly 
doubt such a thing exists.

I wouldn't worry about port scans, personally.  If they are very 
voluminous than you can simply make firewall restrictions as needed.

-- Alex

On Wed, 17 Oct 2007, Turbo Fredriksson wrote:

> Anything to do about portscans? Is there any way (should I) to see
> if the connection is a legit (only SIP currently) connection BEFORE
> my * answers?
>
>
> [2007-10-17 19:23:46] WARNING[4191]: chan_sip.c:6624 determine_firstline_parts: Bad request protocol 01@<ASTERISK_IP> SIP/2.0
>    -- Executing [s at default:1] Answer("SIP/sip.jmg.se-081dd730", "") in new stack
> [2007-10-17 19:23:46] WARNING[4191]: chan_sip.c:6624 determine_firstline_parts: Bad request protocol 01@<ASTERISK_IP> SIP/2.0
> [2007-10-17 19:23:56] WARNING[10123]: pbx.c:2505 __ast_pbx_run: Timeout, but no rule 't' in context 'default'
>
> Last line already fixed by adding such a rule - just Hangup() for now...
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>

--
Alex Balashov
Evariste Systems
Web    : http://www.evaristesys.com/
Tel    : +1-678-954-0670
Direct : +1-678-954-0671



More information about the asterisk-users mailing list