[asterisk-users] Decoding SIP register hack

Steve Edwards asterisk.org at sedwards.com
Thu May 17 16:24:11 CDT 2018


On Thu, 17 May 2018, Daniel Tryba wrote:

> You can do nothing to stop this kind of traffic. The only thing you can 
> do is block it, either using only a whitelist (cumbersome) or generate a 
> blacklist with, for example, fail2ban or a more elaborate honeypot setup. 
> Or set up a proxy that will filter patterns you discover from

Keep in mind that since this is UDP, source addresses can be spoofed so 
any automated solution will need a whitelist so you don't get tricked into 
blocking legitimate traffic.

And since you 'need a whitelist', why not just use that and block 
everything else?

A clever solution to a mobile user base is to use knockd to allow remote 
access.

-- 
Thanks in advance,
-------------------------------------------------------------------------
Steve Edwards       sedwards at sedwards.com      Voice: +1-760-468-3867 PST
             https://www.linkedin.com/in/steve-edwards-4244281
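
As an added example (not part of the original post), this sketch counts failed registrations per source the way a fail2ban-style blacklist would, and exempts whitelisted networks so that forged UDP source addresses cannot get a legitimate peer blocked. The log lines, addresses, threshold and the name `plan_blocks` are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed log lines modelled on Asterisk chan_sip failed-registration
# notices; the exact layout varies by version, so only the source is parsed.
_LINE = ("[2018-05-17 16:0{i}:00] NOTICE[2101] chan_sip.c: Registration from "
         "'<sip:100@192.0.2.10>' failed for '{src}:5060' - Wrong password")
_SOURCES = (["203.0.113.50"] * 3      # scanner guessing passwords
            + ["198.51.100.7"] * 3    # packets forged with a trunk's address
            + ["203.0.113.200"])      # one user with a typo
SAMPLE_LOG = "\n".join(_LINE.format(i=i, src=s) for i, s in enumerate(_SOURCES))

FAILED_FOR = re.compile(r"failed for '([0-9.]+):\d+'")


def plan_blocks(log_text, allowlist, max_failures=3):
    """Return (to_block, exempted) source addresses as sorted string lists.

    allowlist holds CIDR strings for peers that must never be blocked
    (hypothetical values here); they are skipped even when over threshold.
    """
    trusted = [ipaddress.ip_network(cidr) for cidr in allowlist]
    failures = Counter()
    for line in log_text.splitlines():
        match = FAILED_FOR.search(line)
        if not match:
            continue
        try:
            failures[ipaddress.ip_address(match.group(1))] += 1
        except ValueError:
            continue  # malformed address in the log line: ignore it
    to_block, exempted = [], []
    for addr in sorted(failures):
        if failures[addr] < max_failures:
            continue
        bucket = exempted if any(addr in net for net in trusted) else to_block
        bucket.append(str(addr))
    return to_block, exempted


if __name__ == "__main__":
    print("no allowlist:  ", plan_blocks(SAMPLE_LOG, []))
    print("with allowlist:", plan_blocks(SAMPLE_LOG, ["198.51.100.0/24"]))
```

Addresses in the exempted list are worth alerting on rather than blocking, since repeated failures "from" a trusted peer suggest either a misconfigured device or forged traffic.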


