VoIP/SIP Brute-Force Protection. Stop dictionary-based brute-force attacks on your IP Telephony System.
RdpGuard
Intrusion prevention system for your Windows Server
 

Brute-Force Protection for Session Initiation Protocol (SIP)

As the name suggests, Session Initiation Protocol (SIP) is used to establish a session between two or more participants, modify that session, and eventually terminate it.

The most common use of this protocol is to establish sessions in IP telephony (VoIP/PBX systems).

If you are running SIP-enabled server software, such as a PBX server for your office, with open SIP ports, your logs may contain thousands of entries like the ones below:

[2017/12/07 01:30:24,286] SEND,104.155.45.68:55428
	SIP/2.0 401 Unauthorized
	Via: SIP/2.0/TCP 10.240.0.7
	From: Nessus <sip:10.240.0.7:55428>;tag=0621306b-529e-4de3-8af3-16c2add9ee9a
	To: <sip:100@10.240.0.7:5060>;tag=a162044457133908
	Contact: <sip:100@54.145.237.120:5060>
	Call-ID: 0e03060d-8ed9-423b-8a87-a869b2c0c63f
	CSeq: 361100138 REGISTER
	Warning: 399 104.155.45.68 "Digest authorization required"
	WWW-Authenticate: Digest realm="172.30.2.236", nonce="752341025378199770a104b155b45b68", stale=FALSE, algorithm=MD5
	Server: MizuVoIPServer 8.6
	Content-Length: 0

[2017/12/07 01:30:30,96] SEND,104.155.45.68:57620
	SIP/2.0 401 Unauthorized
	Via: SIP/2.0/TCP 10.240.0.7
	From: Nessus <sip:10.240.0.7:57620>;tag=7e1c5fae-72db-4e42-9fe2-4615477df7c9
	To: <sip:101@10.240.0.7:5060>;tag=a191130192120953
	Contact: <sip:101@54.145.237.120:5060>
	Call-ID: 2042b411-fdf0-4ef1-ae74-68ac6445cf68
	CSeq: 1674088010 REGISTER
	Warning: 399 104.155.45.68 "Digest authorization required"
	WWW-Authenticate: Digest realm="172.30.2.236", nonce="752399215815299769a104b155b45b68", stale=FALSE, algorithm=MD5
	Server: MizuVoIPServer 8.6
	Content-Length: 0
	
[2017/12/07 01:30:36,153] SEND,104.155.45.68:59834
	SIP/2.0 401 Unauthorized
	Via: SIP/2.0/TCP 10.240.0.7
	From: Nessus <sip:10.240.0.7:59834>;tag=1e0db670-d96b-4826-9863-aa17f45e34fc
	To: <sip:102@10.240.0.7:5060>;tag=a112172719731331
	Contact: <sip:102@54.145.237.120:5060>
	Call-ID: ce597314-fb00-4c26-ad40-121be94cde0f
	CSeq: 101627762 REGISTER
	Warning: 399 104.155.45.68 "Digest authorization required"
	WWW-Authenticate: Digest realm="172.30.2.236", nonce="752459741691999768a104b155b45b68", stale=FALSE, algorithm=MD5
	Server: MizuVoIPServer 8.6
	Content-Length: 0

These repeated REGISTER attempts usually indicate a brute-force attack on your IP telephony system.

Attackers first find valid usernames and then use a dictionary-based brute-force attack to find weak passwords.

Once the password is found, the attackers can use your phone system to make expensive international phone calls.

Even if you have strong passwords, your phone system constantly works under heavy load to serve malicious requests, consuming CPU, memory, bandwidth and disk space (logs may grow enormously).

RdpGuard allows you to stop endless brute-force attacks on your VoIP/SIP Server.

RdpGuard works with any SIP-enabled software.

It monitors one or multiple SIP ports on your server and detects failed REGISTER/INVITE attempts. If the number of failed attempts from a single IP address reaches a set limit (three by default), the attacker's IP address will be blocked.
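The counting rule described above can be reproduced over a log in the layout shown earlier. This is an added example, not RdpGuard's own code; the function names, the sample entries (constructed, using documentation-range addresses) and the choice of 401/403/407 as "failed" replies are assumptions.

```python
import re
# Constructed sample in the log layout shown above (documentation-range IPs).
SAMPLE_LOG = """\
[2017/12/07 01:30:24,286] SEND,203.0.113.9:55428
\tSIP/2.0 401 Unauthorized
\tTo: <sip:100@10.0.0.5:5060>;tag=a1
\tCSeq: 361100138 REGISTER

[2017/12/07 01:30:30,96] SEND,203.0.113.9:57620
\tSIP/2.0 401 Unauthorized
\tTo: <sip:101@10.0.0.5:5060>;tag=a2
\tCSeq: 1674088010 REGISTER

[2017/12/07 01:30:36,153] SEND,203.0.113.9:59834
\tSIP/2.0 401 Unauthorized
\tTo: <sip:102@10.0.0.5:5060>;tag=a3
\tCSeq: 101627762 REGISTER

[2017/12/07 01:31:02,10] SEND,198.51.100.20:40112
\tSIP/2.0 401 Unauthorized
\tTo: <sip:100@10.0.0.5:5060>;tag=a4
\tCSeq: 1 REGISTER

[2017/12/07 01:31:02,90] SEND,198.51.100.20:40112
\tSIP/2.0 200 OK
\tCSeq: 2 REGISTER
"""

# Assumption of this example: 401/403/407 replies count as failed attempts.
HEADER = re.compile(r"^\[[^\]]+\] SEND,(\d{1,3}(?:\.\d{1,3}){3}):\d+$", re.M)
FAILED = re.compile(r"^\s*SIP/2\.0 (?:401|403|407) ", re.M)
METHOD = re.compile(r"^\s*CSeq: \d+ (REGISTER|INVITE)\s*$", re.M)
TARGET = re.compile(r"^\s*To: .*?<sips?:([^@>]+)@", re.M)

def failed_attempts(log_text):
    """Return {remote_ip: [targeted extensions]} for rejected REGISTER/INVITE."""
    attempts = {}
    for entry in re.split(r"\n\s*\n", log_text.strip()):
        head = HEADER.search(entry)
        if not (head and FAILED.search(entry) and METHOD.search(entry)):
            continue  # not a rejection of a REGISTER/INVITE
        target = TARGET.search(entry)
        attempts.setdefault(head.group(1), []).append(target.group(1) if target else "?")
    return attempts

def ips_to_block(log_text, limit=3):
    """IPs whose failed-attempt count has reached the limit (three by default)."""
    return sorted(ip for ip, t in failed_attempts(log_text).items() if len(t) >= limit)
```

A legitimate client's first REGISTER is also answered with a 401 challenge before it retries with credentials, which is why the second address in the sample stays under the limit. The list of targeted extensions per address shows whether one source is walking through account names.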

For Windows Vista/7/8/8.1/10/11 and Windows Server 2008/2012/2016/2019/2022

See Also

How to enable and configure VoIP/SIP Brute-Force Protection

RdpGuard 9.7.9 Free Trial

 
People like RdpGuard!
Our customers say

"This software is really great. It's a relief. Because my server is constantly under attack. Thanks RdpGuard" - Joaquim De Sousa Marques

"Nice product. I used to implement something similar in a low-tech and cumbersome manner via a script called TSBlock (not mine). This makes it much easier and is well worth the price tag for SMBs." - J. Johnson

"Absolutely amazed at your product. We are a church in the North Dallas area, and I discovered this morning multiple failed logon attempts via our Remote Access Server. A friend suggested your product, so I immediately downloaded the trial. It had a list of about five blocked IP addresses in minutes, and that was enough to lead me to push the BUY button. Over the past 10-15 minutes the list is now about thirty with at least a third being international attempts to break into our system. Thanks for a great product. You may have just saved us much grief." - John Hallford

"Love the software. RDP on our Windows servers is just ridiculous. We would block it in the router but we have lots of old-time customers that would have issues." - Scott Hirsch

"Love the software! Makes it easier than tailoring VB Scripts!!" - Nick Brennan

"It's a great product - really stopping those RDP attackers :-)" - Dave, UK

"First of all: Your application is very (!!!) useful and I like it very much securing my 2012 R2 server. RdpGuard is the best solution I found on the market and after 10 minutes of testing it I ordered the fully-featured version. :-)" - Carsten Baltes

Copyright © 2012-2024 NetSDK Software. All rights reserved.  Terms of Use.  Privacy Policy.