You can simply drop or exit on User-agent, however as mentioned in above thread it is not a proper solution changing a user-agent is not a big deal, you may have to look into fail2ban, pike etc.
if ($ua =~ "friendly-scanner"){ exit; }
On Mon, Dec 30, 2013 at 2:18 PM, Moritz Graf moritz.graf@g-fit.de wrote:
Hi,
blocking staticly on the "friendly-scanner" string might not be the smartest way. Not everyone is so "friendly" to include the "friendly-scanner" string. fail2ban seems reasonably, or take a look at that tutorial by daniel: http://kb.asipto.com/kamailio:usage:k31-sip-scanning-attack (using htable)
greetz
Am 30.12.2013 09:33, schrieb Juha Heinanen:
Visetel LLC writes:
I added the following rules on iptables, but it does not work.
might be easier to use fail2ban and let it deal with iptables.
-- juha
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Moritz Graf, B.Sc. Betrieb NGN-Plattform
G-FIT GmbH & Co. KG Greflingerstr. 26, 93055 Regensburg
Telefon +49 (9 41) 69 85 - 1 86 Telefax +49 (9 41) 69 85 - 2 86 mailto:moritz.graf@g-fit.de http://www.g-fit.de
G-FIT Gesellschaft für innovative Telekommunikationsdienste mbH & Co. KG, Kommanditgesellschaft, Sitz Regensburg, Registergericht Regensburg, HRA 7626; Geschäftsführer: Dipl.Inf. (FH) Alfred Rauscher
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users