Mailing List CGatePro@mail.stalker.com Message #106093
From: Shaun Gamble <listrdr@redco.com.au>
Subject: Re: Spamhaus DROP. Re: SIP attacks
Date: Tue, 14 Jun 2016 15:57:38 +1000
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>

I agree.

While I am a believer in turning off any service you do not use, it is not quite that simple with CGP. Simply turning off a service (or just the listener for that service) may in fact impact you in areas you did not expect. I regularly read through the logs and add IPs to denied IPs. I look at what service they were trying to access and determine whether I can turn it off or not. In the case of the SIP listener, I had frequently seen access requests. Simply turning this service off may have caused other issues I am unaware of, hence the original question.

The thoughtful answers persuaded me to disable the listeners instead of the service. I have not seen any problems so far.

On 14/06/2016 12:52 AM, James Roman wrote:
That is a fine strategic objective, however the complexities of developing a comprehensive security plan for a server that supports as many protocols and is used to facilitate communications between broad and sometimes differing audiences for each of those services normally requires a bit more consideration than the binary “turn it off if you’re not using it” decisions. Many of the questions fielded by this list are submitted by individuals who may have never had to protect such a robust system. Securing CommuniGate presents some unique challenges compared to any other communications platform I have ever supported, primarily because the application is so robust that I am not encouraged by resource needs or license structure to spread the services among multiple servers, which might allow me to more easily focus the security plan to just one or two services at a time.

When you do decide to offer one of the many CommuniGate services to your users, you are often challenged with a decision about where to enforce the security for that service. What is nice about this solution is that it nicely provides a way to add a layer of protection across all the services offered by CommuniGate, which may be easier to implement when you have an environment with multiple firewalls.  

On Jun 13, 2016, at 7:00 AM, CommuniGate Pro Discussions <CGatePro@mail.stalker.com> wrote:

Subject: Re: Spamhaus DROP. Re: SIP attacks
Date: June 12, 2016 at 9:36:46 AM EDT


I think the biggest takeaway lesson from this is

1) If you are not using certain features, turn them off

2) Put some sort of firewall in place between your server and the world to control ports if you are too lazy to turn off those unused features.

Robert

On Sun, 12 Jun 2016 14:09:43 +0300 "Technical Support, Stalker Labs" <support@stalker.com> wrote:

Hello,

On 09.06.2016 11:39, Gib Henry wrote:

You might consider using the Spamhaus DROP and EDROP lists <https://www.spamhaus.org/drop/>. They eliminate a great deal of spam and probably a lot of those SIP fishing expeditions.

I think it should be a good idea to add these lists to CommuniGate's "Denied IP Addresses" and update them regularly; so I wrote a script to automate that, see "spamhaus_drop.sppr" in <http://www.communigate.com/ScriptRepository/>




-- 

Shaun
Fitzroy Island <http://www.fitzroyisland.com>
Destination Darwin NT <http://www.destinationnt.com>
MOM Backpackers <http://www.momdarwin.com>
Value Inn Hotel <http://www.valueinn.com.au>
Please do not send any unsolicited email. It is not wanted. 
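
Added example, not part of the thread and not the spamhaus_drop.sppr script mentioned above: a Python sketch that parses DROP-style text into a merged deny list and then sorts source IPs picked out of server logs into those the list already covers and those still needing manual review. It assumes the plain-text DROP layout ("CIDR ; SBL reference", comment lines starting with ";"); the sample data, function names and log IPs are constructed, and loading the result into CommuniGate's "Denied IP Addresses" is not shown.

```python
import ipaddress

# Constructed sample in the assumed DROP text layout. The ranges are
# documentation prefixes (RFC 5737), not real Spamhaus entries.
SAMPLE_DROP = """\
; Constructed sample, not real Spamhaus data
192.0.2.0/25 ; SBL000001
192.0.2.128/25 ; SBL000002
198.51.100.0/24 ; SBL000003
not-a-network ; SBL000004
"""

def parse_drop(text):
    """Return (merged_networks, rejected_lines) from DROP-style text."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split(";", 1)[0].strip()  # strip comment / SBL reference
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append(raw)  # report malformed lines, never guess
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        merged += ipaddress.collapse_addresses(
            n for n in networks if n.version == version)
    return merged, rejected

def split_by_coverage(log_ips, networks):
    """Split log source IPs into (already_denied, needs_review)."""
    covered, uncovered = [], []
    for ip_text in log_ips:
        ip = ipaddress.ip_address(ip_text)
        hit = any(ip.version == n.version and ip in n for n in networks)
        (covered if hit else uncovered).append(ip_text)
    return covered, uncovered

if __name__ == "__main__":
    nets, bad = parse_drop(SAMPLE_DROP)
    # Constructed source addresses, as if taken from SIP listener log lines.
    seen = ["192.0.2.200", "203.0.113.7", "198.51.100.9"]
    denied, review = split_by_coverage(seen, nets)
    print("deny list:", [str(n) for n in nets])
    print("rejected input lines:", bad)
    print("already covered:", denied)
    print("review manually:", review)
```
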