Brute-Force Protection for Session Initiation Protocol (SIP)
Just as the name says, Session Initiation Protocol (SIP) is used to establish a session between
2 or more participants, modify that session, and eventually terminate that session.
The most common use case of this protocol is to establish a session in IP telephony
(VoIP/PBX Systems)
If you are running SIP enabled server software like PBX server for your office with open SIP ports,
your logs may contain thousands of entries like below:
These repeating REGISTER attempts usually mean brute-force attack on your IP telephony system.
Attackers are finding valid usernames first and then use dictionary-based brute-force attack to find weak passwords.
Once the password is found, the attackers can use your phone system to make expensive international phone calls.
Even if you have strong passwords, your phone system constantly works under the heavy load to serve malicious requests,
consuming your CPU, Memory, Bandwidth and Disk Space (logs may grow enormously).
RdpGuard
allows you to stop endless brute-force attacks on your VoIP/SIP Server.
RdpGuard works with any SIP enabled software.
It monitors one or multiple SIP ports on your server and detects failed REGISTER/INVITE attempts.
If the number of failed attempts from a single IP address reaches a set limit (three by default),
the attacker's IP address will be blocked.
For Windows Vista/7/8/8.1/10/11 and Windows Server 2008/2012/2016/2019/2022