Thanks,
that worked.
On Nov 27, 2013, at 3:47 AM, Muhammad Shahzad wrote:
> Never give any SIP response to any malicious SIP request, ignore it
> completely. Usually such malicious attacks are done through bots (with
> identifiable user-agent header), which send a basic / harmless SIP reques
Never give any SIP response to any malicious SIP request, ignore it
completely. Usually such malicious attacks are done through bots (with
identifiable user-agent header), which send a basic / harmless SIP request
such as SIP OPTIONS and see if they get response, if they do then they
proceed with
Do you have some example about malicious messages?
D.
On 11/27/2013 12:00 AM, Joli Martinez wrote:
> I have placed the code below right underneath the route portion in the
> kamailio.cfg file, restarted kamailio, and I am still being attacked.
>
> ### Routing Logic
>
>
> # main req
I have placed the code below right underneath the route portion in the
kamailio.cfg file, restarted kamailio, and I am still being attacked.
### Routing Logic
# main request routing logic
route{
    if ($ua=="friendly-scanner") {
        sl_send_reply("200","OK");
Hi,
you can check the User-Agent reference $ua, if it is equal to
"friendly-scanner", just send back a reply with sl_send_reply("200", "OK")
Daniel
On 11/26/2013 10:53 PM, Joli Martinez wrote:
> How can I do this? Is there an article I can reference or something? I am
> new to kamailio and n
Hello
please follow this link
http://kb.asipto.com/kamailio:usage:k31-sip-scanning-attack this is a good
tutorial about preventing SIP attacks
Regards
2013/11/26 Joli Martinez
> How can I do this? Is there an article I can reference or something? I
> am new to kamailio and not sure how to
How can I do this? Is there an article I can reference or something? I am new
to kamailio and not sure how to do this.
Thanks,
On Nov 26, 2013, at 4:41 PM, Ovidiu Sas wrote:
> Google around for "friendly-scanner" to learn more about it.
> In the meantime, allow the packets to be handled by
Google around for "friendly-scanner" to learn more about it.
In the meantime, allow the packets to be handled by kamailio and send
a 200ok back - maybe this will stop the attack.
After the attack is stopped, simply drop all "friendly-scanner" SIP requests :)
Regards,
Ovidiu Sas
On Tue, Nov 26, 2
it is coming from "friendly-scanner". The other issue I have is that
"/var/log/secure" is not getting the sip requests so the only way I realize it
is happening is from tcpdump. If the secure file is not picking it up then
iptables won't know about it. How can I tell iptables to listen for sip
Most likely it's a bogus script.
Sometimes just sending a dummy reply will stop the script sending SIP requests.
Check the User-Agent header and from username to see if you can
identify the script and google around for it.
Regards,
Ovidiu Sas
On Tue, Nov 26, 2013 at 4:17 PM, Joli Martinez wrote
I am running Kamailio in CentOS. I ran tcpdump and noticed that we are getting
attacked from IP 188.138.32.72. I have already blocked it on IPtables, but he
keeps on attacking the server. If I look at "/var/log/secure" there are no SIP
messages. My question is where is the log file for Kamai
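
The silent-drop handling discussed in this thread, as an added example that is not from any of the posts: requests whose User-Agent matches the "friendly-scanner" value named above are logged with their source address and get no reply, while ordinary OPTIONS pings are still answered. The module list, log level and log text are assumptions; xlog() writes through Kamailio's configured syslog facility, so the source IP ends up in a log file that firewall tooling can read.

```cfg
# Added example (not from the thread). Assumes a stock Kamailio install
# with modules on the default module path.
loadmodule "pv.so"       # $ua, $si, $sp, $rm pseudo-variables
loadmodule "xlog.so"     # xlog()
loadmodule "sl.so"       # sl_send_reply() for legitimate traffic
loadmodule "textops.so"  # is_method()

# main request routing logic
route {
    # Scanner signature named in this thread. Nothing is sent back:
    # the request is logged with its source and processing stops here.
    if ($ua =~ "friendly-scanner") {
        xlog("L_WARN", "sip-scan drop src=$si:$sp method=$rm ua=$ua\n");
        exit;
    }

    # OPTIONS from other clients (keepalive pings) is still answered.
    if (is_method("OPTIONS")) {
        sl_send_reply("200", "OK");
        exit;
    }

    # ... remainder of the existing routing logic ...
}
```

The check has to sit at the top of the main route, before any block that replies or relays, otherwise the scanner still receives a response.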