ViciBox v.8.0 SIP attack and country blocking

Support forum for the ViciBox ISO Server Install and ISO LiveCD Demo

Moderators: enjay, williamconley, Staydog, mflorell, MJCoate, mcargile, Kumba

ViciBox v.8.0 SIP attack and country blocking

Postby Kumba » Sat Oct 07, 2017 5:51 pm

One of the new features added to ViciBox v.8.0 is automated SIP blocking. This is integrated into the built-in SuSE Firewall. What this means is that these blocking rules will only work when the SuSE Firewall is loaded. One trick to making this work when you have your own firewall is to configure all interfaces to be in the 'Internal' zone. This will result in SuSE Firewall loading without restricting the interfaces while also giving you the ability to block SIP after your external firewall.

The first blocking method is to block IPs via Country that the assigned IP is coming from. Here is how you enable the country blocking:

1) crontab -l > /root/rootcron
2) echo "@reboot /usr/local/bin/ipset-geoblock-country.sh 2>/var/log/geoblock.log 1>&2" >> /etc/rootcron
3) crontab /root/rootcron

After you have done the above, you should edit the file at /usr/local/bin/ipset-geoblock-country.sh and make sure that the 2-character ISO code for all the countries you want to block are listed on line 9. You should also verify that no countries are listed there that you DO want to talk to. After that just run ipset-geoblock-country.sh and wait a few minutes for it to finish. By default it will block the following countries: CN VN RU IN AF UA TW TH SK SI RO PL PK PH LV LU ID HU HR BD.


The second blocking method downloads a VoIP block list from voipbl.org. ViciBox v.8.0.2+ will already have the script that loads this blocklist installed, but others can download it and use it just as well. Steps 1 through 3 can be omitted if you are using ViciBox v.8.0.2 or higher. Here's how you enable the block list:

1) cd /usr/local/bin
2) wget http://download.vicidial.com/vicibox/ipset-voipbl.sh
3) chmod 755 ipset-voipbl.sh
4) crontab -l > /root/rootcron
5) echo "@reboot /usr/local/bin/ipset-voipbl.sh 2>/var/log/voipbl.log 1>&2" >> /root/rootcron
6) echo "0 */12 * * * /usr/local/bin/ipset-voipbl.sh 2>/var/log/voipbl.log 1>&2" >> /root/rootcron
7) crontab /root/rootcron

Once done, simply run 'ipset-voipbl.sh' and it will load the black list for you. The instructions are set to load the blacklist after each reboot, and every 12 hours after that.
Kumba
 
Posts: 939
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Return to ViciBox Server Install and Demo

Who is online

Users browsing this forum: Google [Bot] and 67 guests