<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
I see the message gets to the config file, hitting the sanity module.
What you can do is use fail2ban for automatic interaction with
iptables -- you can take inspiration from this tutorial:<br>
<br>
*
<a class="moz-txt-link-freetext" href="http://kb.asipto.com/kamailio:usage:k31-sip-scanning-attack#fail2ban">http://kb.asipto.com/kamailio:usage:k31-sip-scanning-attack#fail2ban</a><br>
<br>
You will just have a different condition, based on sanity and
possibly some regexp to detect this specific case, to print the log
message that is searched for by fail2ban.<br>
<br>
Cheers,<br>
Daniel<br>
<br>
<br>
On 4/17/12 5:21 PM, Reda Aouad wrote:
<blockquote
cite="mid:CAA30pc5MBxzx4oFACUb82HfBvf0rF37_LgkEpq8SwLTSvbWeNw@mail.gmail.com"
type="cite">
<div dir="ltr"><font color="#3366ff"><font><font
face="tahoma,sans-serif">Hi,<br>
<br>
Do you have any client that is sending a corrupt request
to the "AddPac SIP Gateway" at 190.22.140.170, so that
this gateway is replying "400 bad request" ? Maybe you
could resolve this problem at the source..<br>
<br>
If it's not the case, you can send an email to the owner
of the IP address.<br>
A quick lookup on the IP address on <a
moz-do-not-send="true"
href="http://www.network-tools.com">www.network-tools.com</a>
gives you a hint on the owner.<br>
</font></font></font>
<div dir="ltr"><font color="#3366ff" face="tahoma, sans-serif"><br>
</font>
<div><font color="#3366ff" face="tahoma, sans-serif">Reda</font></div>
</div>
<br>
<br>
<br>
<div class="gmail_quote">On Tue, Apr 17, 2012 at 17:19, Vineet
Menon <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:mvineetmenon@gmail.com">mvineetmenon@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
IMHO preventing the packet from reaching kamailio is better (via
iptables) than doing something in kamailio itself...<br>
<br clear="all">
Regards,<br>
<br>
Vineet Menon<br>
<br>
<br>
<br>
<br>
<div class="gmail_quote">
<div>
<div class="h5">On 17 April 2012 20:32, Ricardo Martinez
<span dir="ltr"><<a moz-do-not-send="true"
href="mailto:rmartinez@redvoiss.net"
target="_blank">rmartinez@redvoiss.net</a>></span>
wrote:<br>
</div>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div class="h5">
<div link="blue" vlink="purple" lang="ES-CL">
<div>
<p class="MsoNormal"><span lang="EN-US">Hello.</span></p>
<p class="MsoNormal"><span lang="EN-US">I was
wondering if someone could help me here.
From time to time I start to receive from the
internet this SIP message:</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">U <a
moz-do-not-send="true"
href="http://190.22.140.170:51316"
target="_blank">190.22.140.170:51316</a>
-> <a moz-do-not-send="true"
href="http://64.76.154.110:5060"
target="_blank">64.76.154.110:5060</a></span></p>
<p class="MsoNormal"><span lang="EN-US">SIP/2.0
400 BadRequest.</span></p>
<p class="MsoNormal"><span lang="EN-US">Via: .</span></p>
<p class="MsoNormal"><span lang="EN-US">From: .</span></p>
<p class="MsoNormal"><span lang="EN-US">To: .</span></p>
<p class="MsoNormal"><span lang="EN-US">Call-ID:
.</span></p>
<p class="MsoNormal"><span lang="EN-US">CSeq: .</span></p>
<p class="MsoNormal"><span lang="EN-US">User-Agent:
AddPac SIP Gateway.</span></p>
<p class="MsoNormal">
<span lang="EN-US">Content-Length: 0.</span></p>
<p class="MsoNormal"><span lang="EN-US">.</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">At a burst
rate of 124 pps (packets per second), this
message is entering the Kamailio routine and
generating a lot of ERROR logs like these: <br>
<br>
</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:19 kmborde
/usr/local/sbin/kamailio[2311]: ERROR:
<core> [parser/msg_parser.c:179]:
ERROR: get_hdr_field: bad to header</span></p>
<p class="MsoNormal">
<span lang="EN-US">Apr 1 03:32:19 kmborde
/usr/local/sbin/kamailio[2311]: INFO:
<core> [parser/msg_parser.c:353]:
ERROR: bad header field [To: <<a class="moz-txt-link-freetext" href="sip:Re">sip:Re</a></span></p>
<p class="MsoNormal"><span lang="EN-US">gister=>5]</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:19 kmborde
/usr/local/sbin/kamailio[2311]: ERROR:
<core> [parser/msg_parser.c:179]:
ERROR: get_hdr_field: bad to header</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:19 kmborde
/usr/local/sbin/kamailio[2311]: INFO:
<core> [parser/msg_parser.c:353]:
ERROR: bad header field [To: <<a class="moz-txt-link-freetext" href="sip:Re">sip:Re</a></span></p>
<p class="MsoNormal"><span lang="EN-US">gister=>5]</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:19 kmborde
/usr/local/sbin/kamailio[2311]: ERROR:
<core> [parser/msg_parser.c:179]:
ERROR: get_hdr_field: bad to header</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:19 kmborde
/usr/local/sbin/kamailio[2311]: INFO:
<core> [parser/msg_parser.c:353]:
ERROR: bad header field [To: <<a class="moz-txt-link-freetext" href="sip:Re">sip:Re</a></span></p>
<p class="MsoNormal"><span lang="EN-US">gister=>5]</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:19 kmborde
/usr/local/sbin/kamailio[2311]: ERROR:
<core> [msg_translator.c:1943]: ERROR:
build_res_buf_from_sip_req: al</span></p>
<p class="MsoNormal"><span lang="EN-US">as,
parse_headers failed</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:19 kmborde
/usr/local/sbin/kamailio[2311]: WARNING:
sanity [sanity.c:254]: sanity_check():
check_required_headers(): fa</span></p>
<p class="MsoNormal"><span lang="EN-US">iled to
send 400 via sl reply</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:20 kmborde
/usr/local/sbin/kamailio[2301]: ERROR:
<core> [parser/msg_parser.c:179]:
ERROR: get_hdr_field: bad to header</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:20 kmborde
/usr/local/sbin/kamailio[2301]: INFO:
<core> [parser/msg_parser.c:353]:
ERROR: bad header field [To: <<a class="moz-txt-link-freetext" href="sip:Re">sip:Re</a></span></p>
<p class="MsoNormal"><span lang="EN-US">gister=>5]</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:20 kmborde
/usr/local/sbin/kamailio[2301]: ERROR:
<core> [parser/msg_parser.c:179]:
ERROR: get_hdr_field: bad to header</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:20 kmborde
/usr/local/sbin/kamailio[2301]: INFO:
<core> [parser/msg_parser.c:353]:
ERROR: bad header field [To: <<a class="moz-txt-link-freetext" href="sip:Re">sip:Re</a></span></p>
<p class="MsoNormal"><span lang="EN-US">gister=>5]</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:20 kmborde
/usr/local/sbin/kamailio[2301]: ERROR:
<core> [parser/msg_parser.c:179]:
ERROR: get_hdr_field: bad to header</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:20 kmborde
/usr/local/sbin/kamailio[2301]: INFO:
<core> [parser/msg_parser.c:353]:
ERROR: bad header field [To: <<a class="moz-txt-link-freetext" href="sip:Re">sip:Re</a></span></p>
<p class="MsoNormal"><span lang="EN-US">gister=>5]</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:20 kmborde
/usr/local/sbin/kamailio[2301]: ERROR:
<core> [msg_translator.c:1943]: ERROR:
build_res_buf_from_sip_req: al</span></p>
<p class="MsoNormal"><span lang="EN-US">as,
parse_headers failed</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:20 kmborde
/usr/local/sbin/kamailio[2301]: WARNING:
sanity [sanity.c:254]: sanity_check():
check_required_headers(): fa</span></p>
<p class="MsoNormal"><span lang="EN-US">iled to
send 400 via sl reply</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:23 kmborde
/usr/local/sbin/kamailio[2320]: ERROR:
<core> [parser/msg_parser.c:179]:
ERROR: get_hdr_field: bad to header</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:23 kmborde
/usr/local/sbin/kamailio[2320]: INFO:
<core> [parser/msg_parser.c:353]:
ERROR: bad header field [To: <<a class="moz-txt-link-freetext" href="sip:Re">sip:Re</a></span></p>
<p class="MsoNormal"><span lang="EN-US">gister=>5]</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:23 kmborde
/usr/local/sbin/kamailio[2320]: ERROR:
<core> [parser/msg_parser.c:179]:
ERROR: get_hdr_field: bad to header</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:23 kmborde
/usr/local/sbin/kamailio[2320]: INFO:
<core> [parser/msg_parser.c:353]:
ERROR: bad header field [To: <<a class="moz-txt-link-freetext" href="sip:Re">sip:Re</a></span></p>
<p class="MsoNormal"><span lang="EN-US">gister=>5]</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:23 kmborde
/usr/local/sbin/kamailio[2320]: ERROR:
<core> [parser/msg_parser.c:179]:
ERROR: get_hdr_field: bad to header</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:23 kmborde
/usr/local/sbin/kamailio[2320]: INFO:
<core> [parser/msg_parser.c:353]:
ERROR: bad header field [To: <<a class="moz-txt-link-freetext" href="sip:Re">sip:Re</a></span></p>
<p class="MsoNormal"><span lang="EN-US">gister=>5]</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:23 kmborde
/usr/local/sbin/kamailio[2320]: ERROR:
<core> [msg_translator.c:1943]: ERROR:
build_res_buf_from_sip_req: al</span></p>
<p class="MsoNormal"><span lang="EN-US">as,
parse_headers failed</span></p>
<p class="MsoNormal"><span lang="EN-US">Apr 1
03:32:23 kmborde
/usr/local/sbin/kamailio[2320]: WARNING:
sanity [sanity.c:254]: sanity_check():
check_required_headers(): fa</span></p>
<p class="MsoNormal"><span lang="EN-US">iled to
send 400 via sl reply</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">The only
way that I have now for blocking this packet
from hitting the Kamailio server is via iptables:
</span></p>
<p class="MsoNormal"><span lang="EN-US">iptables
-A INPUT -s 190.22.140.170 -p udp --dport
5060 --jump REJECT</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Is there
a better way to do this?!</span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks
in advance,</span></p>
<p class="MsoNormal" style="margin-top:3.0pt"><b><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""
lang="EN-US"> </span></b></p>
<p class="MsoNormal" style="margin-top:3.0pt"><b><span
style="font-size:10.0pt;font-family:"Arial","sans-serif""
lang="EN-US">Ricardo Martinez.-</span></b><span
style="font-size:9.0pt;font-family:"Trebuchet
MS","sans-serif";color:#7f7f7f" lang="EN-US"> </span><span
lang="ES"></span></p>
<p class="MsoNormal"> </p>
</div>
</div>
<br>
</div>
</div>
_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) -
sr-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:sr-users@lists.sip-router.org"
target="_blank">sr-users@lists.sip-router.org</a><br>
<a moz-do-not-send="true"
href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users"
target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br>
</blockquote>
</div>
<br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla
Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
<a class="moz-txt-link-freetext" href="http://www.asipto.com/index.php/kamailio-advanced-training/">http://www.asipto.com/index.php/kamailio-advanced-training/</a></pre>
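<br>
The fail2ban approach suggested in this thread needs a log line that carries the source address, which the parser errors in the quoted log do not. The following is an added example, not part of the original messages and not fail2ban's or Kamailio's own code: it reproduces the failregex, findtime and maxretry matching in Python. The xlog wording, the thresholds and the lines for 192.0.2.10 are assumptions constructed for illustration.<br>

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical xlog text printed by the Kamailio route when sanity_check()
# fails; it must match whatever the real config logs. <HOST> marks the address.
FAILREGEX = r"Malformed SIP message from <HOST>"
# Simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))
STAMP = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ")

# Two lines taken from the log quoted in the thread: neither names a source IP.
PAGE_LINES = [
    "Apr 1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> "
    "[parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header",
    "Apr 1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: WARNING: sanity "
    "[sanity.c:254]: sanity_check(): check_required_headers(): "
    "failed to send 400 via sl reply",
]
# Constructed lines: what the added xlog would write (192.0.2.10 is a
# documentation address, not a host from the thread).
CONSTRUCTED_LINES = [
    f"Apr 1 03:32:{sec} kmborde /usr/local/sbin/kamailio[2311]: ERROR: "
    "<script>: Malformed SIP message from 192.0.2.10"
    for sec in ("19", "20", "23")
]

def hosts_to_ban(lines, maxretry=3, findtime=10, year=2012):
    """Hosts with at least maxretry matching lines within findtime seconds."""
    hits, banned = defaultdict(deque), []
    for line in lines:
        m, ts = PATTERN.search(line), STAMP.match(line)
        if not (m and ts):
            continue  # no source address in the line, so nothing to ban
        # syslog stamps carry no year, so one is supplied for parsing
        when = datetime.strptime(f"{year} {ts.group(1)}", "%Y %b %d %H:%M:%S")
        window = hits[m.group("host")]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # drop hits that fell out of the time window
        if len(window) >= maxretry and m.group("host") not in banned:
            banned.append(m.group("host"))
    return banned

if __name__ == "__main__":
    print(hosts_to_ban(PAGE_LINES + CONSTRUCTED_LINES))
```

The parser and sanity lines from the thread never produce a ban candidate on their own, which is why the config has to print its own message containing the source address.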
</body>
</html>