You can simply drop or exit on User-agent, however as mentioned in above thread it is not a proper solution changing a user-agent is not a big deal, you may have to look into fail2ban, pike etc.

if ($ua =~ "friendly-scanner"){
      exit;
}



On Mon, Dec 30, 2013 at 2:18 PM, Moritz Graf <moritz.graf@g-fit.de> wrote:
Hi,

blocking staticly on the "friendly-scanner" string might not be the
smartest way. Not everyone is so "friendly" to include the
"friendly-scanner" string.
fail2ban seems reasonably, or take a look at that tutorial by daniel:
http://kb.asipto.com/kamailio:usage:k31-sip-scanning-attack (using htable)

greetz

Am 30.12.2013 09:33, schrieb Juha Heinanen:
> Visetel LLC writes:
>
>> I added the following rules on iptables, but it does not work.
>
> might be easier to use fail2ban and let it deal with iptables.
>
> -- juha
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>


--

Moritz Graf, B.Sc.
Betrieb NGN-Plattform

G-FIT GmbH & Co. KG
Greflingerstr. 26, 93055 Regensburg

Telefon +49 (9 41) 69 85 - 1 86
Telefax +49 (9 41) 69 85 - 2 86
mailto:moritz.graf@g-fit.de
http://www.g-fit.de

G-FIT Gesellschaft für innovative Telekommunikationsdienste mbH & Co.
KG, Kommanditgesellschaft, Sitz Regensburg, Registergericht Regensburg,
HRA 7626; Geschäftsführer: Dipl.Inf. (FH) Alfred Rauscher


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users




--
Regards

M. Salman Zafar

VoIP Professional