[SR-Users] bad cseq attack
Juha Heinanen
jh at tutpro.com
Wed Aug 21 12:53:38 CEST 2013
i have noticed lots of these kind of attacks in my syslog:
/var/log/syslog.1:Aug 21 04:23:46 host /usr/sbin/sip-proxy[13490]: ERROR: <core> [parser/parse_cseq.c:95]: parse_cseq(): ERROR: CSeq EoL expected
/var/log/syslog.1:Aug 21 04:23:46 host /usr/sbin/sip-proxy[13490]: ERROR: <core> [parser/parse_cseq.c:98]: parse_cseq(): ERROR: parse_cseq: bad cseq
/var/log/syslog.1:Aug 21 04:23:46 host /usr/sbin/sip-proxy[13490]: ERROR: <core> [parser/msg_parser.c:161]: get_hdr_field(): ERROR: get_hdr_field: bad cseq
in order to be able to fail2ban the attacker, source ip address should
appear in syslog message.
is there a way to catch sip request syntax errors in config file so that
appropriate syslog message could be generated?
-- juha
More information about the sr-users
mailing list