[SR-Users] Log files

Daniel Grotti dgrotti at sipwise.com
Tue Nov 26 23:29:39 CET 2013 

Hi,
you can check the User-Agent reference $ua, if it is equal to
"friendly-scanner", just send back a reply with sl_send_reply("200", "OK")

Daniel



On 11/26/2013 10:53 PM, Joli Martinez wrote:
> How can I do this?  Is there an article I can reference or something?  I am new to kamailio and not sure how to do this.
> 
> Thanks,
> 
> On Nov 26, 2013, at 4:41 PM, Ovidiu Sas <osas at voipembedded.com> wrote:
> 
>> Google around for "friendly-scanner" to learn more about it.
>> In the mean time, allow the packets to be handled by kamailio and send
>> a 200ok back - maybe this will stop the attack.
>> After the attack is stopped, simply drop all "friendly-scanner" SIP requests :)
>>
>> Regards,
>> Ovidiu Sas
>>
>> On Tue, Nov 26, 2013 at 4:32 PM, Joli Martinez <mrjoli021 at gmail.com> wrote:
>>> it is comming from "friendly-scanner" The other issue I have is that "/var/log/secure" is not getting the sip requests so the only way I realize it is happeing is from tcpdump.  If the secure file is not picking it up then iptables wont know about it.  How can I tell iptables to listen for sip requests?  I have already added the IP to the blocked IP's but he still keeps on comming.
>>>
>>> Thanks,
>>>
>>> On Nov 26, 2013, at 4:28 PM, Ovidiu Sas <osas at voipembedded.com> wrote:
>>>
>>>> Most likely it's a bogus script.
>>>> Sometimes just sending a dummy reply, will stop the script sending SIP requests.
>>>> Check the User-Agent header and from username to see if you can
>>>> identify the script and google around for it.
>>>>
>>>> Regards,
>>>> Ovidiu Sas
>>>>
>>>> On Tue, Nov 26, 2013 at 4:17 PM, Joli Martinez <mrjoli021 at gmail.com> wrote:
>>>>> I am running Kamailio in CentOS.  I ran tcpdump and noticed that we are getting attacked from IP 188.138.32.72.  I have already blocked it on IPtables, but he keeps on attacking the server.  If I look at "/var/log/secure" there are no SIP messages.  My question is where is the log file for Kamailio and how can I prevent this type of attacks in the future.
>>>>>
>>>>> Thanks,
>>>>> _______________________________________________
>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>>> sr-users at lists.sip-router.org
>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>>
>>>>
>>>> --
>>>> VoIP Embedded, Inc.
>>>> http://www.voipembedded.com
>>>>
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users at lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>
>>>
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users at lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>
>>
>>
>> -- 
>> VoIP Embedded, Inc.
>> http://www.voipembedded.com
>>
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users at lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
> 
> 
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>

More information about the sr-users mailing list