Most likely it's a bogus script.
Sometimes just sending a dummy reply will stop the script sending SIP requests.
Check the User-Agent header and From username to see if you can
identify the script and google around for it.

Regards,
Ovidiu Sas

On Tue, Nov 26, 2013 at 4:17 PM, Joli Martinez <mrjoli...@gmail.com> wrote:
> I am running Kamailio on CentOS.  I ran tcpdump and noticed that we are
> getting attacked from IP 188.138.32.72.  I have already blocked it in
> iptables, but he keeps on attacking the server.  If I look at
> "/var/log/secure" there are no SIP messages.  My question is where is the log
> file for Kamailio and how can I prevent this type of attack in the future.
>
> Thanks,
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



-- 
VoIP Embedded, Inc.
http://www.voipembedded.com
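
An added example, not part of the original thread: one way to pull the User-Agent header and From username out of captured SIP requests and group them by source IP, so a repeating script stands out. The sample requests, the `example-scanner/0.1` string and the addresses are constructed for illustration; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample requests (not captured traffic); IPs are documentation ranges.
def _req(method, from_hdr, ua=None):
    lines = [f"{method} sip:198.51.100.10 SIP/2.0", from_hdr]
    if ua:
        lines.append(f"User-Agent: {ua}")
    return "\r\n".join(lines + ["Content-Length: 0", "", ""])

SAMPLE = [
    ("203.0.113.5", _req("REGISTER", 'From: "100" <sip:100@198.51.100.10>;tag=a1',
                         "example-scanner/0.1")),
    ("203.0.113.5", _req("REGISTER", 'From: "101" <sip:101@198.51.100.10>;tag=a2',
                         "example-scanner/0.1")),
    # Compact From header ("f:") and no User-Agent at all.
    ("203.0.113.9", _req("OPTIONS", "f: <sip:198.51.100.10>;tag=b1")),
]

# User part of a sip: or sips: URI, if the URI has one.
USER_RE = re.compile(r"sips?:([^@;>\s]+)@")

def fingerprint(raw):
    """Return (method, user_agent, from_user) for one raw SIP request."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method = head[0].split(" ", 1)[0]
    headers = {}
    for line in head[1:]:
        name, sep, value = line.partition(":")
        if sep and not line[0].isspace():  # skip folded continuation lines
            name = name.strip().lower()
            headers.setdefault("from" if name == "f" else name, value.strip())
    m = USER_RE.search(headers.get("from", ""))
    return method, headers.get("user-agent"), m.group(1) if m else None

def summarize(messages):
    """Count requests per (source IP, User-Agent) and collect From usernames tried."""
    counts, users = Counter(), {}
    for src, raw in messages:
        _, ua, user = fingerprint(raw)
        counts[(src, ua)] += 1
        users.setdefault((src, ua), set()).add(user)
    return counts, users

if __name__ == "__main__":
    counts, users = summarize(SAMPLE)
    for key, n in counts.most_common():
        print(key, n, sorted(u for u in users[key] if u))
```

A single source cycling through many From usernames under one User-Agent is the pattern to look for before searching for the script by name.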
