[SR-Users] SIP Attack

Klaus Darilion klaus.mailinglists at pernau.at
Thu Apr 19 14:58:37 CEST 2012


There is something wrong:

You show a SIP response, but the log file mentions the sanity module,
which can only be used on requests. So, is this the response you are
sending back?

Klaus

On 17.04.2012 17:02, Ricardo Martinez wrote:
> Hello.
>
> I was wondering if someone could help me here.  From time to time I start
> to receive from the internet this SIP message :
>
> U 190.22.140.170:51316 -> 64.76.154.110:5060
> SIP/2.0 400 BadRequest.
> Via: .
> From: .
> To: .
> Call-ID: .
> CSeq: .
> User-Agent: AddPac SIP Gateway.
> Content-Length: 0.
> .
>
> At burst rate of 124 pps (packets per second), this message is entering
> to Kamailio routine and generating a lot of ERROR logs like these :
>
> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [msg_translator.c:1943]: ERROR: build_res_buf_from_sip_req: alas, parse_headers failed
> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: WARNING: sanity [sanity.c:254]: sanity_check(): check_required_headers(): failed to send 400 via sl reply
> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: ERROR: <core> [msg_translator.c:1943]: ERROR: build_res_buf_from_sip_req: alas, parse_headers failed
> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: WARNING: sanity [sanity.c:254]: sanity_check(): check_required_headers(): failed to send 400 via sl reply
> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: ERROR: <core> [msg_translator.c:1943]: ERROR: build_res_buf_from_sip_req: alas, parse_headers failed
> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: WARNING: sanity [sanity.c:254]: sanity_check(): check_required_headers(): failed to send 400 via sl reply
>
> The only way that I have now for blocking this packet to hit the
> Kamailio server is via iptables :
>
> iptables -A INPUT -s 190.22.140.170 -p udp --dport 5060 --jump REJECT
>
> Is there a better way to do this?!
>
> Thanks in advance,
>
> Ricardo Martinez.-

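The mismatch raised in the reply can be checked mechanically. The following is an added example, not code from either poster or from Kamailio: it classifies the captured datagram by its start line and compares the header text the parser rejected in the log with what the capture contains. The CRLF restoration in `CAPTURED` and the rejoined log lines in `SAMPLE_LOG` are assumptions, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed from the post's capture, assuming the "." ending each line is the
# capture tool's rendering of CR; restored here as CRLF.
CAPTURED = ("SIP/2.0 400 BadRequest\r\nVia: \r\nFrom: \r\nTo: \r\nCall-ID: \r\n"
            "CSeq: \r\nUser-Agent: AddPac SIP Gateway\r\nContent-Length: 0\r\n\r\n")
# Constructed from the post's log excerpt, with the wrapped lines rejoined.
SAMPLE_LOG = "\n".join([
    "Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header",
    "Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]",
    "Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]",
    "Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]",
])
REQUIRED = ("via", "from", "to", "call-id", "cseq")
BAD_HDR = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*bad header field \[(.*)\]$")

def classify(datagram):
    """Return (kind, detail, empty required headers) for one SIP datagram."""
    lines = datagram.split("\r\n\r\n", 1)[0].split("\r\n")
    status = re.match(r"SIP/2\.0 (\d{3})(?: |$)", lines[0])
    request = re.match(r"([A-Z]+) \S+ SIP/2\.0$", lines[0])
    if status:
        kind, detail = "response", status.group(1)
    elif request:
        kind, detail = "request", request.group(1)
    else:
        kind, detail = "invalid", lines[0]
    values = {n.strip().lower(): v.strip()
              for n, _, v in (line.partition(":") for line in lines[1:])}
    return kind, detail, [h for h in REQUIRED if not values.get(h)]

def logged_bad_headers(log_text):
    """Count 'bad header field' log entries per (second, rejected header text)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = BAD_HDR.match(line)
        if m:
            hits[(m.group(1), m.group(2))] += 1
    return hits

def capture_explains_log(datagram, log_text):
    """True only if every header text the parser rejected occurs in the capture."""
    return all(hdr in datagram for _, hdr in logged_bad_headers(log_text))

if __name__ == "__main__":
    print(classify(CAPTURED), capture_explains_log(CAPTURED, SAMPLE_LOG))
```

On the constructed inputs the capture classifies as a response with all five mandatory headers empty, while the log records a rejected `To` value that does not occur in the capture, so the two excerpts describe different messages.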