SIP Attack protection for RouterOS

maximan · February 1, 2011, 4:11pm

There are a project to make a list of IP that are attacking with bruteforce some PBX SIP.

Site: http://infiltrated.net/
Project: http://infiltrated.net/voipabuse/
List: http://www.infiltrated.net/vabl.txt
RouterOS Import Format: http://mikrotikexpert.com/sip_attack/
I create an script to import this list on RouterOS and protect the PBX IP with firewall.

http://wiki.mikrotik.com/wiki/How_to_Block_SIP_Attack_spanish

It’s on spanish, i will finish the english version soon.

Suggestions are welcome

M.

chapex · February 1, 2011, 6:50pm

great job gordero! regards

mantonio · January 12, 2016, 5:49pm

Hi sir!

Offline links, can u repost it?

Regards!

soyelpulpo · January 15, 2016, 3:56am

Max it’s also important to mention, as you have done on your training sessions: try not to expose your PBX to the public.

Thanks for the post! See you in February

jonatilano · January 31, 2016, 5:44am

Everybody, I am new to Mikrotik and was thrown into setting up SIP PBX’s. I am actually getting it done thank God. We use a SIP server and virtual switch and of course I am using Mikrotiks as a router- even taking out ISP’s modems/routers and putting my MT in place.
I am having to monitor my connections remotely and block unwanted IP traffic resulting in ghost calls.
I copy and paste the IP and the port into a filter rule and drop it. This ‘seems’ to be working.
How do I import a list of known SIP attack IP’s. Where do I get a list I can trust. How do I set up Dude to monitor the routers.
Help!