[asterisk-users] Attack on Sip server.

[Hans Witvliet]

On Fri, 2014-06-27 at 22:24 +0530, Anurag Rana wrote:

>                         
>                         iptables -I INPUT 1 -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm -j DROP
>                         
>                         
You make a fundamental mistake here.
Firewalls (both inline and hostbased) should drop everything by default.
And you should specifically accept what you are expecting and capable of
handling. Not the other way round.

Above rule is something like:
The front door is locked between 9:30 AM and 10:15 AM, as you expect
burgers to come to your house.