Stop SOME SipVicious attacks from reaching your Asterisk, FreeSwitch, YATE, etc. PBX server

This tip was posted by user “infotek” on the FreePBX site but applies to all software PBX systems that use the iptables firewall. “infotek” wrote:

By default the SipVicious scanner uses the ua: “friendly-scanner”. To block this ua, you can have iptables search the packet for that text.

Add the following line to /etc/sysconfig/iptables:

-A INPUT -p udp -m udp --dport 5060 -m string --string "friendly-scanner" --algo bm --to 500 -j DROP

Keep in mind that this only works if you know the string that will be sent as the user agent, and some hackers using SipVicious may take the trouble to change that default string, but some protection is better than none. However, this same technique can be used to block any attack that constantly sends the same string as the user agent, if you know what that string contains.

For those that use Webmin to manage iptables, here are the settings to use. This should come BEFORE any other rules applicable to port 5060 – I made it the very first rule on the page “Incoming packets (INPUT) – Only applies to packets addressed to this host”:

Rule comment: Stop SipVicious
Action to take: Drop
Network protocol: Equals UDP
Destination TCP or UDP port: Equals Port(s) 5060
Additional IPtables modules: string
Additional parameters: --string "friendly-scanner" --algo bm --to 500

All other settings on the Webmin “Add Rule” page should be left at the default value (usually <ignored>).
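The ordering requirement above can be checked mechanically. The following shell function is an added example, not part of the original tip or of Webmin; it reads rules in iptables-save format and assumes rules name the port as `--dport 5060`. The two sample rulesets are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): check that the "friendly-scanner"
# DROP rule sits ahead of any ACCEPT rule for UDP port 5060 in the INPUT chain.
# Input: rules in iptables-save format on stdin.
# Only rules that name "--dport 5060" are examined (multiport rules are not).
check_sip_rule_order() {
    awk '
        $1 == "-A" && $2 == "INPUT" {
            n++                                   # position within INPUT
            is_sip = ($0 ~ /-p udp/ && $0 ~ /--dport 5060( |$)/)
            if (is_sip && $0 ~ /--string "friendly-scanner"/ && $0 ~ /-j DROP/) {
                if (!drop) drop = n
            } else if (is_sip && $0 ~ /-j ACCEPT/) {
                if (!accept) accept = n
            }
        }
        END {
            if (!drop) { print "missing: no friendly-scanner DROP rule"; exit 2 }
            if (accept && accept < drop) {
                print "shadowed: INPUT rule " accept " accepts 5060 before DROP rule " drop
                exit 1
            }
            print "ok: DROP is INPUT rule " drop
        }'
}

# Constructed sample: DROP rule first, as the post recommends.
GOOD_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 5060 -m string --string "friendly-scanner" --algo bm --to 500 -j DROP
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
COMMIT'

# Constructed sample: an ACCEPT for 5060 precedes the DROP, so the DROP never sees the packet.
BAD_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -m string --string "friendly-scanner" --algo bm --to 500 -j DROP
COMMIT'

printf '%s\n' "$GOOD_RULES" | check_sip_rule_order || true
printf '%s\n' "$BAD_RULES"  | check_sip_rule_order || true
```

On a live system, feed it the running rules with `iptables-save -t filter | check_sip_rule_order`, or the saved file with `check_sip_rule_order < /etc/sysconfig/iptables`.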

To stop the hackers clever enough to change the default user agent string, consider also using this technique.

Xvidtune: a Linux command line interface to print or switch the video mode and/or interactively adjust existing video modes

From the Ubuntu manuals page for xvidtune – video mode tuner for Xorg:

Xvidtune is a client interface to the X server video mode extension (XFree86-VidModeExtension).

When given one of the non-toolkit options, xvidtune provides a command line interface to either print or switch the video mode.

Without any options (or with only toolkit options) it presents the user with various buttons and sliders that can be used to interactively adjust existing video modes. It will also print the settings in a format suitable for inclusion in an xorg.conf file.

Normally the Xorg X servers only allow changes to be made with the XFree86-VidModeExtension from clients connected via a local connection type.

Note: The original mode settings can be restored by pressing the ‘R’ key, and this can be used to restore a stable screen in situations where the screen becomes unreadable.

Emphasis added. We had not heard of Xvidtune before, and it seems like it could be a handy tool to have in certain situations. See the manual page for your Linux distribution, or the Ubuntu manuals page for xvidtune for additional information. However, Tecmint warns:

Note: Incorrect use of this program can do permanent damage to your monitor and/or video card. If you don’t know what you are doing, don’t change anything and exit immediately.

Source: 8 Useful X-window (Gui Based) Linux Commands – Part I (Tecmint)