[SR-Users] SIP Attack

Daniel-Constantin Mierla miconda at gmail.com
Fri Apr 20 10:27:52 CEST 2012


Hello,

On 4/19/12 2:58 PM, Klaus Darilion wrote:
> There is something wrong:
>
> You show as a SIP response, but the log files mention sanity module
> which can only be used on requests. So, is this the response you are 
> sending back?
sanity can be used also for replies, at least in 3.2.x and devel.

Cheers,
Daniel
>
> Klaus
>
> On 17.04.2012 17:02, Ricardo Martinez wrote:
>> Hello.
>>
>> I was wondering if someone could help me here.  From time to time I start
>> to receive from the internet this SIP message :
>>
>> U 190.22.140.170:51316 -> 64.76.154.110:5060
>>
>> SIP/2.0 400 BadRequest.
>>
>> Via: .
>>
>> From: .
>>
>> To: .
>>
>> Call-ID: .
>>
>> CSeq: .
>>
>> User-Agent: AddPac SIP Gateway.
>>
>> Content-Length: 0.
>>
>> .
>>
>> At burst rate of 124 pps (packets per second), this message is entering
>> to Kamailio routine and generating a lot of ERROR logs like these :
>>
>> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
>> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
>> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
>> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
>> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
>> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
>> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [msg_translator.c:1943]: ERROR: build_res_buf_from_sip_req: alas, parse_headers failed
>> Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: WARNING: sanity [sanity.c:254]: sanity_check(): check_required_headers(): failed to send 400 via sl reply
>> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
>> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
>> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
>> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
>> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
>> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
>> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: ERROR: <core> [msg_translator.c:1943]: ERROR: build_res_buf_from_sip_req: alas, parse_headers failed
>> Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: WARNING: sanity [sanity.c:254]: sanity_check(): check_required_headers(): failed to send 400 via sl reply
>> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
>> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
>> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
>> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
>> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
>> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
>> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: ERROR: <core> [msg_translator.c:1943]: ERROR: build_res_buf_from_sip_req: alas, parse_headers failed
>> Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: WARNING: sanity [sanity.c:254]: sanity_check(): check_required_headers(): failed to send 400 via sl reply
>>
>> The only way that I have now for blocking this packet to hit the
>> Kamailio server is via iptables :
>>
>> iptables -A INPUT -s 190.22.140.170 -p udp --dport 5060 --jump REJECT
>>
>> Is there a better way to do this?!
>>
>> Thanks in advance,
>>
>> *Ricardo Martinez.-*
>>
>>
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>

-- 
Daniel-Constantin Mierla
Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
http://www.asipto.com/index.php/kamailio-advanced-training/
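
For the flood described in the quoted question, one way to find which sources to block is to scan a capture for SIP responses whose mandatory headers are empty and count them per source per second. This is an added example, not code from the thread or from Kamailio; it assumes a capture taken with `ngrep -t -W byline` (timestamped record headers), a threshold of 50 packets per second, and a constructed sample that uses documentation addresses.

```python
import re
from collections import Counter
REQUIRED = ("via", "from", "to", "call-id", "cseq")
# Assumed record header (ngrep -t -W byline): "U <date> <time> <src>:<port> -> <dst>:<port>"
HDR = re.compile(r"^U (\S+) (\d\d:\d\d:\d\d)\.\d+ (\S+):\d+ -> \S+:\d+")

def parse_records(text):
    """Yield (second, src_ip, lines) for every UDP record in the capture."""
    rec = None
    for line in text.splitlines():
        m = HDR.match(line)
        if m:
            if rec:
                yield rec
            rec = (m.group(1) + " " + m.group(2), m.group(3), [])
        elif rec:
            s = re.sub(r"\.$", "", line.rstrip())  # ngrep prints the CR as "."
            if s:
                rec[2].append(s)
    if rec:
        yield rec

def empty_required(lines):
    """Return the mandatory headers that are missing or carry no value."""
    hdrs = {}
    for hdr in lines[1:]:
        name, sep, value = hdr.partition(":")
        if sep:
            hdrs[name.strip().lower()] = value.strip()
    return [h for h in REQUIRED if not hdrs.get(h)]

def flood_sources(text, threshold=50):
    """Map source IP -> peak per-second count of responses with empty headers."""
    per_sec = Counter()
    for second, src, lines in parse_records(text):
        if lines and lines[0].startswith("SIP/2.0 ") and empty_required(lines):
            per_sec[(src, second)] += 1
    peaks = Counter()
    for (src, _), n in per_sec.items():
        peaks[src] = max(peaks[src], n)
    return {src: n for src, n in peaks.items() if n >= threshold}

# Constructed sample: documentation addresses, not the hosts from the thread.
def record(ts, src, value):
    head = f"U 2012/04/01 {ts}.000001 {src}:51316 -> 203.0.113.5:5060"
    hdrs = [f"{h}: {value}." for h in ("Via", "From", "To", "Call-ID", "CSeq")]
    return "\n".join([head, "SIP/2.0 400 BadRequest.", *hdrs, "Content-Length: 0.", "."])
SAMPLE = "\n".join([record("03:32:19", "192.0.2.10", "")] * 124      # burst, empty headers
                   + [record("03:32:21", "192.0.2.99", "")] * 2      # empty, but low rate
                   + [record("03:32:19", "198.51.100.7", "x")] * 3)  # headers filled in
```

`flood_sources(SAMPLE)` returns only the source that crosses the threshold, which is the address to hand to a firewall rule like the one in the quoted message.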
