30 Dec
2013
30 Dec
'13
2:22 p.m.
You can simply drop or exit on User-agent, however as mentioned in above
thread it is not a proper solution changing a user-agent is not a big deal,
you may have to look into fail2ban, pike etc.
if ($ua =~ "friendly-scanner"){
exit;
}
On Mon, Dec 30, 2013 at 2:18 PM, Moritz Graf <moritz.graf(a)g-fit.de> wrote:
Hi,
blocking staticly on the "friendly-scanner" string might not be the
smartest way. Not everyone is so "friendly" to include the
"friendly-scanner" string.
fail2ban seems reasonably, or take a look at that tutorial by daniel:
http://kb.asipto.com/kamailio:usage:k31-sip-scanning-attack (using htable)
greetz
Am 30.12.2013 09:33, schrieb Juha Heinanen:
--
Regards
M. Salman Zafar
VoIP Professional
Visetel LLC writes:
--
Moritz Graf, B.Sc.
Betrieb NGN-Plattform
G-FIT GmbH & Co. KG
Greflingerstr. 26, 93055 Regensburg
Telefon +49 (9 41) 69 85 - 1 86
Telefax +49 (9 41) 69 85 - 2 86
mailto:moritz.graf@g-fit.de
http://www.g-fit.de
G-FIT Gesellschaft für innovative Telekommunikationsdienste mbH & Co.
KG, Kommanditgesellschaft, Sitz Regensburg, Registergericht Regensburg,
HRA 7626; Geschäftsführer: Dipl.Inf. (FH) Alfred Rauscher
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
I added the following rules on iptables, but it
does not work.
might be easier to use fail2ban and let it deal with iptables.
-- juha
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users