<div dir="ltr"><div>Hello</div><div><br></div>please follow this link <a href="http://kb.asipto.com/kamailio:usage:k31-sip-scanning-attack">http://kb.asipto.com/kamailio:usage:k31-sip-scanning-attack</a> this is a good tuturial about preventing sip attack's<div>
<br></div><div>Regards</div><div><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/11/26 Joli Martinez <span dir="ltr"><<a href="mailto:mrjoli021@gmail.com" target="_blank">mrjoli021@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">How can I do this? Is there an article I can reference or something? I am new to kamailio and not sure how to do this.<br>
<br>
Thanks,<br>
<div class="HOEnZb"><div class="h5"><br>
On Nov 26, 2013, at 4:41 PM, Ovidiu Sas <<a href="mailto:osas@voipembedded.com">osas@voipembedded.com</a>> wrote:<br>
<br>
> Google around for "friendly-scanner" to learn more about it.<br>
> In the mean time, allow the packets to be handled by kamailio and send<br>
> a 200ok back - maybe this will stop the attack.<br>
> After the attack is stopped, simply drop all "friendly-scanner" SIP requests :)<br>
><br>
> Regards,<br>
> Ovidiu Sas<br>
><br>
> On Tue, Nov 26, 2013 at 4:32 PM, Joli Martinez <<a href="mailto:mrjoli021@gmail.com">mrjoli021@gmail.com</a>> wrote:<br>
>> it is comming from "friendly-scanner" The other issue I have is that "/var/log/secure" is not getting the sip requests so the only way I realize it is happeing is from tcpdump. If the secure file is not picking it up then iptables wont know about it. How can I tell iptables to listen for sip requests? I have already added the IP to the blocked IP's but he still keeps on comming.<br>
>><br>
>> Thanks,<br>
>><br>
>> On Nov 26, 2013, at 4:28 PM, Ovidiu Sas <<a href="mailto:osas@voipembedded.com">osas@voipembedded.com</a>> wrote:<br>
>><br>
>>> Most likely it's a bogus script.<br>
>>> Sometimes just sending a dummy reply, will stop the script sending SIP requests.<br>
>>> Check the User-Agent header and from username to see if you can<br>
>>> identify the script and google around for it.<br>
>>><br>
>>> Regards,<br>
>>> Ovidiu Sas<br>
>>><br>
>>> On Tue, Nov 26, 2013 at 4:17 PM, Joli Martinez <<a href="mailto:mrjoli021@gmail.com">mrjoli021@gmail.com</a>> wrote:<br>
>>>> I am running Kamailio in CentOS. I ran tcpdump and noticed that we are getting attacked from IP 188.138.32.72. I have already blocked it on IPtables, but he keeps on attacking the server. If I look at "/var/log/secure" there are no SIP messages. My question is where is the log file for Kamailio and how can I prevent this type of attacks in the future.<br>
>>>><br>
>>>> Thanks,<br>
>>>> _______________________________________________<br>
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
>>>> <a href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
>>>> <a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
>>><br>
>>><br>
>>><br>
>>> --<br>
>>> VoIP Embedded, Inc.<br>
>>> <a href="http://www.voipembedded.com" target="_blank">http://www.voipembedded.com</a><br>
>>><br>
>>> _______________________________________________<br>
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
>>> <a href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
>>> <a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
>><br>
>><br>
>> _______________________________________________<br>
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
>> <a href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
>> <a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
><br>
><br>
><br>
> --<br>
> VoIP Embedded, Inc.<br>
> <a href="http://www.voipembedded.com" target="_blank">http://www.voipembedded.com</a><br>
><br>
> _______________________________________________<br>
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
> <a href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
> <a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
<br>
<br>
_______________________________________________<br>
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list<br>
<a href="mailto:sr-users@lists.sip-router.org">sr-users@lists.sip-router.org</a><br>
<a href="http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users" target="_blank">http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Cumprimentos<div>José Seabra</div>
</div></div>