Do you have some examples of malicious messages?

D.

On 11/27/2013 12:00 AM, Joli Martinez wrote:
> I have placed the code below right underneath the route portion in the
> kamailio.cfg file, restarted kamailio, and I am still being attacked.
>
> ####### Routing Logic ########
>
>
> # main request routing logic
>
> route{
>
>     if ($ua=="friendly-scanner") {
>         sl_send_reply("200","OK");
>         exit;
>     }
>
> On Nov 26, 2013, at 5:29 PM, Daniel Grotti <dgro...@sipwise.com> wrote:
>
>> Hi,
>> you can check the User-Agent reference $ua, if it is equal to
>> "friendly-scanner", just send back a reply with sl_send_reply("200", "OK")
>>
>> Daniel
>>
>> On 11/26/2013 10:53 PM, Joli Martinez wrote:
>>> How can I do this? Is there an article I can reference or something?
>>> I am new to kamailio and not sure how to do this.
>>>
>>> Thanks,
>>>
>>> On Nov 26, 2013, at 4:41 PM, Ovidiu Sas <o...@voipembedded.com> wrote:
>>>
>>>> Google around for "friendly-scanner" to learn more about it.
>>>> In the meantime, allow the packets to be handled by kamailio and send
>>>> a 200ok back - maybe this will stop the attack.
>>>> After the attack is stopped, simply drop all "friendly-scanner" SIP
>>>> requests :)
>>>>
>>>> Regards,
>>>> Ovidiu Sas
>>>>
>>>> On Tue, Nov 26, 2013 at 4:32 PM, Joli Martinez <mrjoli...@gmail.com> wrote:
>>>>> It is coming from "friendly-scanner". The other issue I have is
>>>>> that "/var/log/secure" is not getting the sip requests so the only
>>>>> way I realize it is happening is from tcpdump. If the secure file
>>>>> is not picking it up then iptables won't know about it. How can I
>>>>> tell iptables to listen for sip requests? I have already added the
>>>>> IP to the blocked IPs but he still keeps on coming.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> On Nov 26, 2013, at 4:28 PM, Ovidiu Sas <o...@voipembedded.com> wrote:
>>>>>
>>>>>> Most likely it's a bogus script.
>>>>>> Sometimes just sending a dummy reply will stop the script sending
>>>>>> SIP requests.
>>>>>> Check the User-Agent header and from username to see if you can
>>>>>> identify the script and google around for it.
>>>>>>
>>>>>> Regards,
>>>>>> Ovidiu Sas
>>>>>>
>>>>>> On Tue, Nov 26, 2013 at 4:17 PM, Joli Martinez
>>>>>> <mrjoli...@gmail.com> wrote:
>>>>>>> I am running Kamailio in CentOS. I ran tcpdump and noticed that
>>>>>>> we are getting attacked from IP 188.138.32.72. I have already
>>>>>>> blocked it on IPtables, but he keeps on attacking the server. If
>>>>>>> I look at "/var/log/secure" there are no SIP messages. My
>>>>>>> question is where is the log file for Kamailio and how can I
>>>>>>> prevent this type of attack in the future.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> _______________________________________________
>>>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users
>>>>>>> mailing list
>>>>>>> sr-users@lists.sip-router.org
>>>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>>>
>>>>>> --
>>>>>> VoIP Embedded, Inc.
>>>>>> http://www.voipembedded.com
>>>>
>>>> --
>>>> VoIP Embedded, Inc.
>>>> http://www.voipembedded.com
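
The User-Agent test discussed in this thread, applied offline to captured SIP requests to count scanner traffic per source IP. This is an added example, not code from the thread or from Kamailio; the function names, the sample requests and the documentation-range addresses in them are constructed for illustration.

```python
import re
from collections import Counter

# Substrings of User-Agent values treated as scanners. "friendly-scanner" is
# the value named in the thread; anything else added here is local policy.
SCANNER_UAS = ("friendly-scanner",)

def sip_headers(raw: bytes) -> dict:
    """Return {lowercased header name: value} for one SIP request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("utf-8", "replace")
    head = re.sub(r"\r\n[ \t]+", " ", head)   # unfold continuation lines
    headers = {}
    for line in head.split("\r\n")[1:]:       # [0] is the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return headers

def is_scanner(raw: bytes) -> bool:
    """Substring, case-insensitive variant of the thread's $ua test."""
    ua = sip_headers(raw).get("user-agent", "").lower()
    return any(s in ua for s in SCANNER_UAS)

def scanner_sources(packets) -> Counter:
    """packets: iterable of (source_ip, raw_request); scanner hits per IP."""
    return Counter(src for src, raw in packets if is_scanner(raw))

def _request(src: str, method: str, ua_header: str) -> bytes:
    """Build one constructed sample request (hypothetical helper)."""
    return (f"{method} sip:100@198.51.100.10 SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {src}:5060;branch=z9hG4bK-1\r\n"
            "From: <sip:100@198.51.100.10>;tag=1\r\n"
            "To: <sip:100@198.51.100.10>\r\n"
            f"Call-ID: 1\r\nCSeq: 1 {method}\r\n"
            f"{ua_header}\r\nContent-Length: 0\r\n\r\n").encode()

# Constructed sample traffic, not a real capture.
SAMPLE = [(src, _request(src, method, ua)) for src, method, ua in (
    ("192.0.2.7", "OPTIONS", "User-Agent: friendly-scanner"),
    ("192.0.2.7", "REGISTER", "user-agent:\r\n Friendly-Scanner"),  # folded, mixed case
    ("203.0.113.5", "REGISTER", "User-Agent: ExamplePhone 1.0"),
)]

if __name__ == "__main__":
    for ip, n in scanner_sources(SAMPLE).most_common():
        print(f"{ip}\t{n} request(s) with a scanner User-Agent")
```

The User-Agent value is chosen by the sender, so this identifies only tools that announce themselves, which is the case the thread deals with.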