Created
December 24, 2017 10:23
-
-
Save arsperger/e93f8428caf7c4f6343e91e8e5d3c27b to your computer and use it in GitHub Desktop.
Simple script to stop SIP DDoS attack with Iptables rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
iptables -N SIPDDOS | |
iptables -A INPUT -p all -m string --string "sundayddr" --algo bm --to 65535 -m comment --comment "deny sundayddr" -j SIPDDOS | |
iptables -A INPUT -p all -m string --string "sipsak" --algo bm --to 65535 -m comment --comment "deny sipsak" -j SIPDDOS | |
iptables -A INPUT -p all -m string --string "sipvicious" --algo bm --to 65535 -m comment --comment "deny sipvicious" -j SIPDDOS | |
iptables -A INPUT -p all -m string --string "friendly-scanner" --algo bm --to 65535 -m comment --comment "deny friendly-scanner" -j SIPDDOS | |
iptables -A INPUT -p all -m string --string "iWar" --algo bm --to 65535 -m comment --comment "deny iWar" -j SIPDDOS | |
iptables -A INPUT -p all -m string --string "sip-scan" --algo bm --to 65535 -m comment --comment "deny sip-scan" -j SIPDDOS | |
iptables -A INPUT -p all -m string --string "hinet.net" --algo kmp -m comment --comment "deny hinet.net" -j SIPDDOS | |
iptables -A INPUT -p all -m string --string "sipcli" --algo kmp -m comment --comment "deny sipcli" -j SIPDDOS | |
iptables -A INPUT -p all -m string --string "VaxSIPUserAgent" --algo kmp -m comment --comment "deny VaxSIPUserAgent" -j SIPDDOS | |
iptables -A SIPDDOS -j LOG --log-prefix "firewall-sipddos: " --log-level 6 | |
iptables -A SIPDDOS -j DROP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment