Most likely it's a bogus script. Sometimes just sending a dummy reply, will stop the script sending SIP requests. Check the User-Agent header and from username to see if you can identify the script and google around for it.
Regards, Ovidiu Sas
On Tue, Nov 26, 2013 at 4:17 PM, Joli Martinez mrjoli021@gmail.com wrote:
I am running Kamailio in CentOS. I ran tcpdump and noticed that we are getting attacked from IP 188.138.32.72. I have already blocked it on IPtables, but he keeps on attacking the server. If I look at "/var/log/secure" there are no SIP messages. My question is where is the log file for Kamailio and how can I prevent this type of attacks in the future.
Thanks, _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users