[SR-Users] Log files

José Seabra joseseabra4 at gmail.com
Tue Nov 26 22:59:14 CET 2013


Hello

Please follow this link:
http://kb.asipto.com/kamailio:usage:k31-sip-scanning-attack
This is a good tutorial about preventing SIP attacks.

Regards



2013/11/26 Joli Martinez <mrjoli021 at gmail.com>

> How can I do this?  Is there an article I can reference or something?  I
> am new to kamailio and not sure how to do this.
>
> Thanks,
>
> On Nov 26, 2013, at 4:41 PM, Ovidiu Sas <osas at voipembedded.com> wrote:
>
> > Google around for "friendly-scanner" to learn more about it.
> > In the meantime, allow the packets to be handled by kamailio and send
> > a 200ok back - maybe this will stop the attack.
> > After the attack is stopped, simply drop all "friendly-scanner" SIP
> requests :)
> >
> > Regards,
> > Ovidiu Sas
> >
> > On Tue, Nov 26, 2013 at 4:32 PM, Joli Martinez <mrjoli021 at gmail.com>
> wrote:
> >> It is coming from "friendly-scanner". The other issue I have is that
> "/var/log/secure" is not getting the SIP requests, so the only way I realize
> it is happening is from tcpdump.  If the secure file is not picking it up
> then iptables won't know about it.  How can I tell iptables to listen for
> SIP requests?  I have already added the IP to the blocked IPs but he still
> keeps on coming.
> >>
> >> Thanks,
> >>
> >> On Nov 26, 2013, at 4:28 PM, Ovidiu Sas <osas at voipembedded.com> wrote:
> >>
> >>> Most likely it's a bogus script.
> >>> Sometimes just sending a dummy reply will stop the script sending SIP
> requests.
> >>> Check the User-Agent header and from username to see if you can
> >>> identify the script and google around for it.
> >>>
> >>> Regards,
> >>> Ovidiu Sas
> >>>
> >>> On Tue, Nov 26, 2013 at 4:17 PM, Joli Martinez <mrjoli021 at gmail.com>
> wrote:
> >>>> I am running Kamailio in CentOS.  I ran tcpdump and noticed that we
> are getting attacked from IP 188.138.32.72.  I have already blocked it in
> iptables, but he keeps on attacking the server.  If I look at
> "/var/log/secure" there are no SIP messages.  My question is where is the
> log file for Kamailio and how can I prevent this type of attack in the
> future.
> >>>>
> >>>> Thanks,
> >>>> _______________________________________________
> >>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing
> list
> >>>> sr-users at lists.sip-router.org
> >>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
> >>>
> >>>
> >>>
> >>> --
> >>> VoIP Embedded, Inc.
> >>> http://www.voipembedded.com
> >>>
> >
> >
> >
> > --
> > VoIP Embedded, Inc.
> > http://www.voipembedded.com
> >



-- 
Regards
José Seabra
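
The advice quoted above (identify the script by its User-Agent, optionally send a dummy reply, then drop its requests) can be written as a kamailio.cfg route. This is an added example, not part of the original thread and not taken from the linked tutorial; the route name SCANNER_FILTER and the define WITH_SCANNER_REPLY are hypothetical, and it assumes the sl, pv and xlog modules are loaded as in the stock configuration.

```kamailio
# Added example (not from the thread). Assumes sl, pv and xlog are loaded.
# Call it as the first step of request_route:
#     route(SCANNER_FILTER);

# To answer scanners with a dummy 200 OK instead of staying silent,
# add this line (without the leading "# ") near the top of kamailio.cfg:
# #!define WITH_SCANNER_REPLY

route[SCANNER_FILTER] {
    # $ua is the User-Agent header value of the incoming request
    if ($ua =~ "friendly-scanner") {
        # Written through Kamailio's own logging (syslog in a default
        # setup), so the source address is recorded without tcpdump.
        # $rm = method, $fU = From username, $si/$sp = source IP/port
        xlog("L_WARN", "scanner: ua=$ua method=$rm from_user=$fU src=$si:$sp\n");

#!ifdef WITH_SCANNER_REPLY
        # Stateless dummy reply, as suggested in the thread
        sl_send_reply("200", "OK");
#!endif

        # Stop processing: no registration, authentication or relaying
        exit;
    }
}
```

The logged line carries the source IP, which gives log-based blocking tools something to match on.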