Re: [OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread Schneur Rosenberg 
In addition to iptables/fail2ban you should inspect the useragent that the
packets come from, most of them will come from sip vicious or friendly
scanner etc, you can block them with iptables and/or with drop() in
opensips, this will stop the scanner right away because he won't get any
replies so he will just move on.

On Apr 21, 2017 8:11 AM, "Uzair Hassan"  wrote:

> Is there a way to change opensips port ? Whenever I try it doesn't even
> start.
>
> On April 20, 2017 9:09:55 PM "Alexander Jankowsky" <
> e75a4...@exemail.com.au> wrote:
>
>>
>>
>> You might need to do a Wireshark trace and find out if the calls
>> originate externally into the system.
>>
>> If you are in an open DMZ with the router, that could be just the start
>> of your problems.
>>
>> I had Opensips 2.3.0-beta in the open on DMZ with the router for only a
>> few hours and
>>
>> I then had a couple of dozen automated break in attempts trying to access
>> the system.
>>
>> You need to pay a lot of attention to the system logs otherwise you may
>> not even notice.
>>
>> Go over your router very carefully and restrict everything you do not
>> need exposed.
>>
>> Port 5060 is a very popular target with automated robots, use another
>> port if your able to.
>>
>>
>>
>> Alex
>>
>>
>>
>>
>>
>> *From:* Users [mailto:users-boun...@lists.opensips.org] *On Behalf Of *Uzair
>> Hassan
>> *Sent:* Friday, 21 April 2017 6:16 AM
>> *To:* users@lists.opensips.org
>> *Subject:* [OpenSIPS-Users] Ghost calls 1001
>>
>>
>>
>> Hello all,
>>
>>
>>
>> I have setup a opensips 2.3 on a new server and I'm getting ghost calls
>> into my system. How do I stop these ghost call? The opensips server is
>> brand new. the install is clean and nothing has been touched after the
>> initial simple residential script setup. What can I do to defend myself
>> from these ghost calls.
>>
>> Thank you so much.
>>
>>
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread Uzair Hassan 

Is there a way to change opensips port ? Whenever I try it doesn't even start.


On April 20, 2017 9:09:55 PM "Alexander Jankowsky" 
 wrote:





You might need to do a Wireshark trace and find out if the calls originate 
externally into the system.


If you are in an open DMZ with the router, that could be just the start of 
your problems.


I had Opensips 2.3.0-beta in the open on DMZ with the router for only a few 
hours and


I then had a couple of dozen automated break in attempts trying to access 
the system.


You need to pay a lot of attention to the system logs otherwise you may not 
even notice.


Go over your router very carefully and restrict everything you do not need 
exposed.


Port 5060 is a very popular target with automated robots, use another port 
if your able to.




Alex





From: Users [mailto:users-boun...@lists.opensips.org] On Behalf Of Uzair Hassan
Sent: Friday, 21 April 2017 6:16 AM
To: users@lists.opensips.org
Subject: [OpenSIPS-Users] Ghost calls 1001



Hello all,



I have setup a opensips 2.3 on a new server and I'm getting ghost calls 
into my system. How do I stop these ghost call? The opensips server is 
brand new. the install is clean and nothing has been touched after the 
initial simple residential script setup. What can I do to defend myself 
from these ghost calls.


Thank you so much.






--
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread Alexander Jankowsky 
 

You might need to do a Wireshark trace and find out if the calls originate 
externally into the system.

If you are in an open DMZ with the router, that could be just the start of your 
problems.

I had Opensips 2.3.0-beta in the open on DMZ with the router for only a few 
hours and

I then had a couple of dozen automated break in attempts trying to access the 
system.

You need to pay a lot of attention to the system logs otherwise you may not 
even notice.

Go over your router very carefully and restrict everything you do not need 
exposed.

Port 5060 is a very popular target with automated robots, use another port if 
your able to.

 

Alex

 

 

From: Users [mailto:users-boun...@lists.opensips.org] On Behalf Of Uzair Hassan
Sent: Friday, 21 April 2017 6:16 AM
To: users@lists.opensips.org
Subject: [OpenSIPS-Users] Ghost calls 1001

 

Hello all, 

 

I have setup a opensips 2.3 on a new server and I'm getting ghost calls into my 
system. How do I stop these ghost call? The opensips server is brand new. the 
install is clean and nothing has been touched after the initial simple 
residential script setup. What can I do to defend myself from these ghost calls.

Thank you so much.

 

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread Uzair Hassan 
Thank you all for your reply's I will learn how to implement fail2ban 
integration in a VM environment and then commit it to the production server. 


From: "David Villasmil"  
To: "users"  
Sent: Thursday, April 20, 2017 3:50:07 PM 
Subject: Re: [OpenSIPS-Users] Ghost calls 1001 

I've always seen the invite, then my "auth required" and then they usually 
never answer, but the keep trying invites with other destination numbers. 
That's why you need to setup your fail2ban 
On Thu, Apr 20, 2017 at 11:42 PM Nabeel < nabeelshik...@gmail.com > wrote: 



In a ghost call, there is no RTP -- only the INVITE. If you answer a ghost 
call, there will be no response. Usually, an IP scanner named 'SipVicious' 
directly sends the INVITE to your client, so your server may not come into play 
at all. 

On 20 Apr 2017 10:32 p.m., "Mundkowsky, Robert" < rmundkow...@ets.org > wrote: 

BQ_BEGIN



Do you mean a client is using SIP/RTP to make a call direct to backend servers 
and bypassing the opensips proxy? Or somehow just using RTP without SIP to 
bypass the opensips proxy? 





Robert 



From: Users [mailto: users-boun...@lists.opensips.org ] On Behalf Of Nabeel 
Sent: Thursday, April 20, 2017 5:17 PM 
To: OpenSIPS users mailling list < users@lists.opensips.org > 
Subject: Re: [OpenSIPS-Users] Ghost calls 1001 




My understanding of ghost calls is that they go directly via the client through 
a loophole in the IP range rather than through the SIP server itself. In this 
case, server-based solutions don't seem likely to work? 





On 20 Apr 2017 10:08 p.m., "Mundkowsky, Robert" < rmundkow...@ets.org > wrote: 
BQ_BEGIN



User authentication at SIP level as well. 



Robert 



From: Users [mailto: users-boun...@lists.opensips.org ] On Behalf Of Aqs Younas 
Sent: Thursday, April 20, 2017 4:55 PM 
To: OpenSIPS users mailling list < users@lists.opensips.org > 
Subject: Re: [OpenSIPS-Users] Ghost calls 1001 




iptables, fail2ban and ip authentication if your users have static ips. 





On 21 April 2017 at 01:46, Uzair Hassan < uzairhas...@shaw.ca > wrote: 
BQ_BEGIN



Hello all, 





I have setup a opensips 2.3 on a new server and I'm getting ghost calls into my 
system. How do I stop these ghost call? The opensips server is brand new. the 
install is clean and nothing has been touched after the initial simple 
residential script setup. What can I do to defend myself from these ghost 
calls. 

Thank you so much. 






___ 
Users mailing list 
Users@lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 











This e-mail and any files transmitted with it may contain privileged or 
confidential information. It is solely for use by the individual for whom it is 
intended, even if addressed incorrectly. If you received this e-mail in error, 
please notify the sender; do not disclose, copy, distribute, or take any action 
in reliance on the contents of this information; and delete it from your 
system. Any other use of this e-mail is prohibited. 



Thank you for your compliance. 




___ 
Users mailing list 
Users@lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 
BQ_END





This e-mail and any files transmitted with it may contain privileged or 
confidential information. It is solely for use by the individual for whom it is 
intended, even if addressed incorrectly. If you received this e-mail in error, 
please notify the sender; do not disclose, copy, distribute, or take any action 
in reliance on the contents of this information; and delete it from your 
system. Any other use of this e-mail is prohibited. 


Thank you for your compliance. 

___ 
Users mailing list 
Users@lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 


BQ_END

___ 
Users mailing list 
Users@lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 

BQ_END


___ 
Users mailing list 
Users@lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread David Villasmil 
I've always seen the invite, then my "auth required" and then they usually
never answer, but the keep trying invites with other destination numbers.
That's why you need to setup your fail2ban
On Thu, Apr 20, 2017 at 11:42 PM Nabeel  wrote:

> In a ghost call, there is no RTP -- only the INVITE. If you answer a ghost
> call, there will be no response. Usually, an IP scanner named 'SipVicious'
> directly sends the INVITE to your client, so your server may not come into
> play at all.
>
> On 20 Apr 2017 10:32 p.m., "Mundkowsky, Robert" 
> wrote:
>
>> Do you mean a client is using SIP/RTP to make a call direct to backend
>> servers and bypassing the opensips proxy? Or somehow just using RTP without
>> SIP to bypass the opensips proxy?
>>
>>
>>
>>
>>
>> Robert
>>
>>
>>
>> *From:* Users [mailto:users-boun...@lists.opensips.org] *On Behalf Of *
>> Nabeel
>> *Sent:* Thursday, April 20, 2017 5:17 PM
>> *To:* OpenSIPS users mailling list 
>> *Subject:* Re: [OpenSIPS-Users] Ghost calls 1001
>>
>>
>>
>> My understanding of ghost calls is that they go directly via the client
>> through a loophole in the IP range rather than through the SIP server
>> itself. In this case, server-based solutions don't seem likely to work?
>>
>>
>>
>> On 20 Apr 2017 10:08 p.m., "Mundkowsky, Robert" 
>> wrote:
>>
>> User authentication at SIP level as well.
>>
>>
>>
>> Robert
>>
>>
>>
>> *From:* Users [mailto:users-boun...@lists.opensips.org] *On Behalf Of *Aqs
>> Younas
>> *Sent:* Thursday, April 20, 2017 4:55 PM
>> *To:* OpenSIPS users mailling list 
>> *Subject:* Re: [OpenSIPS-Users] Ghost calls 1001
>>
>>
>>
>> iptables, fail2ban and ip authentication if your users have static ips.
>>
>>
>>
>> On 21 April 2017 at 01:46, Uzair Hassan  wrote:
>>
>> Hello all,
>>
>>
>>
>> I have setup a opensips 2.3 on a new server and I'm getting ghost calls
>> into my system. How do I stop these ghost call? The opensips server is
>> brand new. the install is clean and nothing has been touched after the
>> initial simple residential script setup. What can I do to defend myself
>> from these ghost calls.
>>
>> Thank you so much.
>>
>>
>>
>>
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>
>>
>> --
>>
>> This e-mail and any files transmitted with it may contain privileged or
>> confidential information. It is solely for use by the individual for whom
>> it is intended, even if addressed incorrectly. If you received this e-mail
>> in error, please notify the sender; do not disclose, copy, distribute, or
>> take any action in reliance on the contents of this information; and delete
>> it from your system. Any other use of this e-mail is prohibited.
>>
>>
>>
>> Thank you for your compliance.
>> --
>>
>>
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>> --
>>
>> This e-mail and any files transmitted with it may contain privileged or
>> confidential information. It is solely for use by the individual for whom
>> it is intended, even if addressed incorrectly. If you received this e-mail
>> in error, please notify the sender; do not disclose, copy, distribute, or
>> take any action in reliance on the contents of this information; and delete
>> it from your system. Any other use of this e-mail is prohibited.
>>
>> Thank you for your compliance.
>> --
>>
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread Nabeel 
In a ghost call, there is no RTP -- only the INVITE. If you answer a ghost
call, there will be no response. Usually, an IP scanner named 'SipVicious'
directly sends the INVITE to your client, so your server may not come into
play at all.

On 20 Apr 2017 10:32 p.m., "Mundkowsky, Robert"  wrote:

> Do you mean a client is using SIP/RTP to make a call direct to backend
> servers and bypassing the opensips proxy? Or somehow just using RTP without
> SIP to bypass the opensips proxy?
>
>
>
>
>
> Robert
>
>
>
> *From:* Users [mailto:users-boun...@lists.opensips.org] *On Behalf Of *
> Nabeel
> *Sent:* Thursday, April 20, 2017 5:17 PM
> *To:* OpenSIPS users mailling list 
> *Subject:* Re: [OpenSIPS-Users] Ghost calls 1001
>
>
>
> My understanding of ghost calls is that they go directly via the client
> through a loophole in the IP range rather than through the SIP server
> itself. In this case, server-based solutions don't seem likely to work?
>
>
>
> On 20 Apr 2017 10:08 p.m., "Mundkowsky, Robert" 
> wrote:
>
> User authentication at SIP level as well.
>
>
>
> Robert
>
>
>
> *From:* Users [mailto:users-boun...@lists.opensips.org] *On Behalf Of *Aqs
> Younas
> *Sent:* Thursday, April 20, 2017 4:55 PM
> *To:* OpenSIPS users mailling list 
> *Subject:* Re: [OpenSIPS-Users] Ghost calls 1001
>
>
>
> iptables, fail2ban and ip authentication if your users have static ips.
>
>
>
> On 21 April 2017 at 01:46, Uzair Hassan  wrote:
>
> Hello all,
>
>
>
> I have setup a opensips 2.3 on a new server and I'm getting ghost calls
> into my system. How do I stop these ghost call? The opensips server is
> brand new. the install is clean and nothing has been touched after the
> initial simple residential script setup. What can I do to defend myself
> from these ghost calls.
>
> Thank you so much.
>
>
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
>
> --
>
> This e-mail and any files transmitted with it may contain privileged or
> confidential information. It is solely for use by the individual for whom
> it is intended, even if addressed incorrectly. If you received this e-mail
> in error, please notify the sender; do not disclose, copy, distribute, or
> take any action in reliance on the contents of this information; and delete
> it from your system. Any other use of this e-mail is prohibited.
>
>
>
> Thank you for your compliance.
> --
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> --
>
> This e-mail and any files transmitted with it may contain privileged or
> confidential information. It is solely for use by the individual for whom
> it is intended, even if addressed incorrectly. If you received this e-mail
> in error, please notify the sender; do not disclose, copy, distribute, or
> take any action in reliance on the contents of this information; and delete
> it from your system. Any other use of this e-mail is prohibited.
>
> Thank you for your compliance.
> --
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread Mundkowsky, Robert 
Do you mean a client is using SIP/RTP to make a call direct to backend servers 
and bypassing the opensips proxy? Or somehow just using RTP without SIP to 
bypass the opensips proxy?


Robert

From: Users [mailto:users-boun...@lists.opensips.org] On Behalf Of Nabeel
Sent: Thursday, April 20, 2017 5:17 PM
To: OpenSIPS users mailling list 
Subject: Re: [OpenSIPS-Users] Ghost calls 1001

My understanding of ghost calls is that they go directly via the client through 
a loophole in the IP range rather than through the SIP server itself. In this 
case, server-based solutions don't seem likely to work?

On 20 Apr 2017 10:08 p.m., "Mundkowsky, Robert" 
mailto:rmundkow...@ets.org>> wrote:
User authentication at SIP level as well.

Robert

From: Users 
[mailto:users-boun...@lists.opensips.org]
 On Behalf Of Aqs Younas
Sent: Thursday, April 20, 2017 4:55 PM
To: OpenSIPS users mailling list 
mailto:users@lists.opensips.org>>
Subject: Re: [OpenSIPS-Users] Ghost calls 1001

iptables, fail2ban and ip authentication if your users have static ips.

On 21 April 2017 at 01:46, Uzair Hassan 
mailto:uzairhas...@shaw.ca>> wrote:
Hello all,

I have setup a opensips 2.3 on a new server and I'm getting ghost calls into my 
system. How do I stop these ghost call? The opensips server is brand new. the 
install is clean and nothing has been touched after the initial simple 
residential script setup. What can I do to defend myself from these ghost calls.

Thank you so much.


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




This e-mail and any files transmitted with it may contain privileged or 
confidential information. It is solely for use by the individual for whom it is 
intended, even if addressed incorrectly. If you received this e-mail in error, 
please notify the sender; do not disclose, copy, distribute, or take any action 
in reliance on the contents of this information; and delete it from your 
system. Any other use of this e-mail is prohibited.


Thank you for your compliance.



___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



This e-mail and any files transmitted with it may contain privileged or 
confidential information. It is solely for use by the individual for whom it is 
intended, even if addressed incorrectly. If you received this e-mail in error, 
please notify the sender; do not disclose, copy, distribute, or take any action 
in reliance on the contents of this information; and delete it from your 
system. Any other use of this e-mail is prohibited.


Thank you for your compliance.


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread Nabeel 
My understanding of ghost calls is that they go directly via the client
through a loophole in the IP range rather than through the SIP server
itself. In this case, server-based solutions don't seem likely to work?

On 20 Apr 2017 10:08 p.m., "Mundkowsky, Robert"  wrote:

> User authentication at SIP level as well.
>
>
>
> Robert
>
>
>
> *From:* Users [mailto:users-boun...@lists.opensips.org] *On Behalf Of *Aqs
> Younas
> *Sent:* Thursday, April 20, 2017 4:55 PM
> *To:* OpenSIPS users mailling list 
> *Subject:* Re: [OpenSIPS-Users] Ghost calls 1001
>
>
>
> iptables, fail2ban and ip authentication if your users have static ips.
>
>
>
> On 21 April 2017 at 01:46, Uzair Hassan  wrote:
>
> Hello all,
>
>
>
> I have setup a opensips 2.3 on a new server and I'm getting ghost calls
> into my system. How do I stop these ghost call? The opensips server is
> brand new. the install is clean and nothing has been touched after the
> initial simple residential script setup. What can I do to defend myself
> from these ghost calls.
>
> Thank you so much.
>
>
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
>
> --
>
> This e-mail and any files transmitted with it may contain privileged or
> confidential information. It is solely for use by the individual for whom
> it is intended, even if addressed incorrectly. If you received this e-mail
> in error, please notify the sender; do not disclose, copy, distribute, or
> take any action in reliance on the contents of this information; and delete
> it from your system. Any other use of this e-mail is prohibited.
>
> Thank you for your compliance.
> --
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread Mundkowsky, Robert 
User authentication at SIP level as well.

Robert

From: Users [mailto:users-boun...@lists.opensips.org] On Behalf Of Aqs Younas
Sent: Thursday, April 20, 2017 4:55 PM
To: OpenSIPS users mailling list 
Subject: Re: [OpenSIPS-Users] Ghost calls 1001

iptables, fail2ban and ip authentication if your users have static ips.

On 21 April 2017 at 01:46, Uzair Hassan 
mailto:uzairhas...@shaw.ca>> wrote:
Hello all,

I have setup a opensips 2.3 on a new server and I'm getting ghost calls into my 
system. How do I stop these ghost call? The opensips server is brand new. the 
install is clean and nothing has been touched after the initial simple 
residential script setup. What can I do to defend myself from these ghost calls.

Thank you so much.


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




This e-mail and any files transmitted with it may contain privileged or 
confidential information. It is solely for use by the individual for whom it is 
intended, even if addressed incorrectly. If you received this e-mail in error, 
please notify the sender; do not disclose, copy, distribute, or take any action 
in reliance on the contents of this information; and delete it from your 
system. Any other use of this e-mail is prohibited.


Thank you for your compliance.


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread David Villasmil 
+1 for iptables, fail2ban and ip authentication. Configure you log properly
and have fail2ban ban IPs failing to authenticate.
ᐧ

Regards,

David Villasmil
email: david.villasmil.w...@gmail.com
phone: +34669448337

On Thu, Apr 20, 2017 at 10:54 PM, Aqs Younas  wrote:

> iptables, fail2ban and ip authentication if your users have static ips.
>
> On 21 April 2017 at 01:46, Uzair Hassan  wrote:
>
>> Hello all,
>>
>> I have setup a opensips 2.3 on a new server and I'm getting ghost calls
>> into my system. How do I stop these ghost call? The opensips server is
>> brand new. the install is clean and nothing has been touched after the
>> initial simple residential script setup. What can I do to defend myself
>> from these ghost calls.
>>
>> Thank you so much.
>>
>>
>> ___
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread Aqs Younas 
iptables, fail2ban and ip authentication if your users have static ips.

On 21 April 2017 at 01:46, Uzair Hassan  wrote:

> Hello all,
>
> I have setup a opensips 2.3 on a new server and I'm getting ghost calls
> into my system. How do I stop these ghost call? The opensips server is
> brand new. the install is clean and nothing has been touched after the
> initial simple residential script setup. What can I do to defend myself
> from these ghost calls.
>
> Thank you so much.
>
>
> ___
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Re: [OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread Nabeel 
Hi,

You can set client to use random port instead of standard 5060.

But a better way is to set the client to only allow your required domain,
if possible.

On 20 Apr 2017 9:51 p.m., "Uzair Hassan"  wrote:

Hello all,

I have setup a opensips 2.3 on a new server and I'm getting ghost calls
into my system. How do I stop these ghost call? The opensips server is
brand new. the install is clean and nothing has been touched after the
initial simple residential script setup. What can I do to defend myself
from these ghost calls.

Thank you so much.


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] ERROR when receive INVITE

2017-04-20 Thread Dragomir Haralambiev 
 Hello,

   I make test with WebRtc.

SIP.js ---send call to ---> (Opensips A) -send call to ---> (Opensips B)

 -
On Opensips A is working rtpengine. This is rtpengine_offer command:
rtpengine_offer("RTP/AVP replace-session-connection replace-origin
ICE=remove");

(Opensips A) send INVITE to (Opensips B)
-
INVITE sip:@IP(OpensipsB):5060 SIP/2.0
Record-Route:

Record-Route:

Via: SIP/2.0/UDP IP(OpensipsA):5060;branch=z9hG4bKe0f3.6f1642c.0;i=5
Via: SIP/2.0/WSS
192.0.2.92;rport=60174;received=2.2.2.2;branch=z9hG4bK5728855
Max-Forwards: 69
To: 
From: "Tester" ;tag=nm6cghjgba
Call-ID: 97gk9m8m3cee4ee8tuk5
CSeq: 8401 INVITE
Contact: 
Allow: ACK,CANCEL,INVITE,MESSAGE,BYE,OPTIONS,INFO,NOTIFY,REFER
Supported: outbound
User-Agent: SIP.js/0.7.7
Content-Type: application/sdp
Content-Length: 942

v=0
o=- 8477435134193294206 2 IN IP4 IP(OpensipsA)
s=-
t=0 0
a=msid-semantic: WMS ZSkkVOStPTOWwji5V63e72mnBS6EI5kyg2bD
m=audio 52428 RTP/AVP 111 103 104 9 0 8 106 105 13 110 112 113 126
c=IN IP4 IP(OpensipsA)
a=rtpmap:111 opus/48000/2
a=rtcp-fb:111 transport-cc
a=fmtp:111 minptime=10;useinbandfec=1
a=rtpmap:103 ISAC/16000
a=rtpmap:104 ISAC/32000
a=rtpmap:9 G722/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:106 CN/32000
a=rtpmap:105 CN/16000
a=rtpmap:13 CN/8000
a=rtpmap:110 telephone-event/48000
a=rtpmap:112 telephone-event/32000
a=rtpmap:113 telephone-event/16000
a=rtpmap:126 telephone-event/8000
a=ssrc:2918965089 cname:O5nwX3GD8YZjD0SG
a=ssrc:2918965089 msid:ZSkkVOStPTOWwji5V63e72mnBS6EI5kyg2bD
b6e9f7a5-930a-4578-b68b-1f3ff098db5f
a=ssrc:2918965089 mslabel:ZSkkVOStPTOWwji5V63e72mnBS6EI5kyg2bD
a=ssrc:2918965089 label:b6e9f7a5-930a-4578-b68b-1f3ff098db5f
a=sendrecv
a=rtcp:52429
a=rtcp-mux

-
Opensisp B workin without rtpengine. When receive INVITE make follow ERRORS:
-
Apr 20 22:58:31 /usr/local/sbin/opensips[2144]: ERROR:core:parse_via:
parsed so far:
Apr 20 22:58:31 /usr/local/sbin/opensips[2144]: ERROR:core:get_hdr_field:
bad via
Apr 20 22:58:31 /usr/local/sbin/opensips[2144]: INFO:core:parse_headers:
bad header field
Apr 20 22:58:31 /usr/local/sbin/opensips[2144]: ERROR:core:parse_via: bad
char  on state 122

What I do to resolve this problem?

Best regards,
Dragomir
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] Ghost calls 1001

2017-04-20 Thread Uzair Hassan 
Hello all, 

I have setup a opensips 2.3 on a new server and I'm getting ghost calls into my 
system. How do I stop these ghost call? The opensips server is brand new. the 
install is clean and nothing has been touched after the initial simple 
residential script setup. What can I do to defend myself from these ghost 
calls. 

Thank you so much. 

___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] How to now if Cflags == NAT ?

2017-04-20 Thread Rodrigo Pimenta Carvalho 
Dear OpenSIPS users,


Every time a SIP UAC registers in my OpenSIPS, if such agent is behind a NAT, 
the location record receives the NAT flag in the Cflags column. My Opensips 
configuration file is responsible for that.

For example:


AOR:: 1000
Contact:: sip:1000@192.168.21.5:59047;transport=TLS;ob Q=
Expires:: 298
Callid:: ec88647d89564d9b8cf112cb254d0f04
Cseq:: 34066
User-agent:: MicroSIP/3.11.0
Received:: sip::59047;transport=TLS
State:: CS_SYNC
Flags:: 0
Cflags:: NAT   <<===  HERE IS THE NAT FLAG.


Now, if a SIP INVITE arrives in my OpenSIPS, from a UAC that is behind a NAT, I 
need do something like this:

if (Cflags == NAT) {

fix_nated_sdp("10")

};


What is the correct way to investigate if Cflags is equals to NAT ? I mean, how 
to program such check in the script file?


Any hint will be very helpful!


Best regards!



RODRIGO PIMENTA CARVALHO
Inatel Competence Center
Software
Ph: +55 35 3471 9200 RAMAL 979
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] support for cloudamqp

2017-04-20 Thread Tito Cumpen 
Hello,

I was wondering if there was any intention to update the amqp support to
allow opensips to post events to cloudamqp(https://www.cloudamqp.com). When
I try to connect cloudamqp it fails because it is outdated.

Thanks,
Tito
___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users