ejabberd.yml.example: Use non-standard STUN port

STUN via UDP can easily be abused for reflection/amplification DDoS attacks. Suggest a non-standard port to make it harder for attackers to discover the service. Modern XMPP clients discover the port via XEP-0215, so there's no advantage in sticking to the standard port.
processone · Nov 14, 2024 · 18c54f4 · 18c54f4
1 parent c7d967a
commit 18c54f4
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ejabberd.yml.example b/ejabberd.yml.example
@@ -67,7 +67,7 @@ listen:
       /admin: ejabberd_web_admin
       /.well-known/acme-challenge: ejabberd_acme
   -
-    port: 3478
+    port: 5478
     ip: "::"
     transport: udp
     module: ejabberd_stun