[SR-Users] dictionary attacks

2010-10-24 Thread Juha Heinanen
while doing some tests, i noticed that one of my proxies started to receive lots of register requests with different user names starting from a letter. there were also invite attempts in the logs. they came from ip 202.82.16.99 which according to traceroute is somewhere in china. should we start

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Uriel Rozenbaum
Juha, I think we should be especially careful about black-lists. We receive many of these attacks on a per-day basis and a lot of them are from residential addresses or universities, so I'm guessing some kind of worm or trojan performing the attack from various IPs. If you have the time, try

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Sergey Okhapkin
I'm second for fail2ban. I block IP addresses with failed registration attempts for 1 hour. Here is my setup: kamailio.cfg: if (is_method("REGISTER")) { if(www_authorize("", "subscriber") < 0) { if($rc == -1) { xlog("L_INFO", "Invalid username from

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Daniel-Constantin Mierla
I watched live an attack on voipuser.org while running 3.1 before release. It lasted 18 hours. I didn't want to ban it because it was useful for testing and to see if it reveals any weak. In most of the cases it hit pike module. I got some data and plan to make an article about it soon. Anyhow, as

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Iñaki Baz Castillo
2010/10/24 Daniel-Constantin Mierla mico...@gmail.com: Using fail2ban together with IP tables has the advantage of dropping the packets before getting to application and eating cpu I have a testing platform with Kamailio and fail2ban working more or less as explained in this thread. But I

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Alex Balashov
On 10/24/2010 12:18 PM, Iñaki Baz Castillo wrote: Of course, the perfect solution would be Kamailio acting as fail2ban. This is, pike module inserting dynamic rules in iptables. Opinions? You could spawn a Perl script that does it, but it'd be kind of slow. I think to come up with a good

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Daniel-Constantin Mierla
probably omitted by mistake, but please keep the mailing list cc-ed. On 10/24/10 3:38 PM, Sergey Okhapkin wrote: Note that I check return code of www_authorize to be -1 (invalid user) and block IP in this case only. Other error codes should not block the IP address. This one reminded me that
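The fail2ban setup Sergey outlines above and Daniel's point that only www_authorize() returning -1 (invalid user) should lead to a block, put together as an added worked example. This is not code from the thread, from Kamailio or from fail2ban: it is a small Python model of what a fail2ban filter plus jail does with the xlog() line from Sergey's config. The syslog line shape, the "<script>:" prefix, the "Invalid password" variant and all IP addresses are constructed assumptions; the maxretry/findtime/bantime names mirror fail2ban's jail options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample syslog lines (not from the thread). They assume the xlog() in
# the "$rc == -1" branch logs "Invalid username from <source ip>", and that an
# "Invalid password" line (a different return code) exists and must NOT count.
SAMPLE_LOG = """\
Oct 24 12:00:01 sip kamailio[25026]: INFO: <script>: Invalid username from 203.0.113.7
Oct 24 12:00:02 sip kamailio[25026]: INFO: <script>: Invalid username from 203.0.113.7
Oct 24 12:00:03 sip kamailio[25026]: INFO: <script>: Invalid username from 198.51.100.9
Oct 24 12:00:04 sip kamailio[25026]: INFO: <script>: Invalid username from 203.0.113.7
Oct 24 12:00:05 sip kamailio[25026]: INFO: <script>: Invalid password from 203.0.113.7
Oct 24 12:00:06 sip kamailio[25026]: INFO: <script>: Invalid username from 203.0.113.7
Oct 24 12:00:07 sip kamailio[25026]: INFO: <script>: Invalid username from 203.0.113.7
Oct 24 13:30:00 sip kamailio[25026]: INFO: <script>: Invalid username from 198.51.100.9
"""

# Only the invalid-user message is matched: the www_authorize() == -1 case is the
# one return code the thread recommends blocking on, so other failures are ignored.
FAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) .*"
    r"Invalid username from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)


def parse_failure(line, year=2010):
    """Return (timestamp, ip) for an invalid-user line, or None for any other line."""
    m = FAIL_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"]


def find_offenders(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Sliding-window counter with fail2ban's maxretry/findtime semantics.

    Returns {ip: time_of_ban} for every IP that reached maxretry invalid-user
    failures inside findtime; later lines from an already banned IP are skipped.
    """
    recent = defaultdict(deque)
    bans = {}
    for line in log_text.splitlines():
        parsed = parse_failure(line)
        if parsed is None:
            continue
        ts, ip = parsed
        if ip in bans:
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans


def ban_commands(bans, bantime=timedelta(hours=1)):
    """Build, but do not execute, the iptables argv fail2ban would run per ban,
    paired with the time the rule should be removed (the 1-hour ban from the thread)."""
    return [
        (["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"], since + bantime)
        for ip, since in sorted(bans.items())
    ]


if __name__ == "__main__":
    for argv, expires in ban_commands(find_offenders(SAMPLE_LOG)):
        print(" ".join(argv), "until", expires)
```

On the constructed log, 203.0.113.7 reaches five invalid-user failures within the window and is banned at 12:00:07 (the "Invalid password" line does not count towards it), while 198.51.100.9 has only two failures more than an hour apart and is left alone. Dropping the packets in iptables rather than in the SIP proxy is what gives the CPU saving Daniel mentions, since banned traffic never reaches the application.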

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Sergey Okhapkin
Correction - auth module is merged in 3.1, but auth_db modules are still separate. On Sunday 24 October 2010, Daniel-Constantin Mierla wrote: probably omitted by mistake, but please keep the mailing list cc-ed. On 10/24/10 3:38 PM, Sergey Okhapkin wrote: Note that I check return code of

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Alex Balashov
On 10/24/2010 03:34 PM, Daniel-Constantin Mierla wrote: what do you mean by outside process? For example, with app_lua, the interpreter is linked to the code, so there is no external process, it is like cfg interpreter, just that it resides in a module, not in core. Oh, I did not realise it is so

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Daniel-Constantin Mierla
On 10/24/10 10:12 PM, Sergey Okhapkin wrote: Correction - auth module is merged in 3.1, but auth_db modules are still separate. yes, only auth modules were merged, like I wrote. auth_db functions use return codes and API functions from auth module. Cheers, Daniel On Sunday 24 October 2010,

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Sergey Okhapkin
I'm working on migration of my kamailio.cfg from v1.4 to 3.1 and stuck with weird problem: 0(25026) ERROR: auth_db [authdb_mod.c:236]: empty parameter 1 not allowed 0(25026) ERROR: core [route.c:1161]: fixing failed (code=-1) at cfg:/usr/local/etc/kamailio/kamailio.cfg.31:433 0(25026) ERROR:

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Alex Balashov
On 10/24/2010 04:44 PM, Sergey Okhapkin wrote: I'm working on migration of my kamailio.cfg from v1.4 to 3.1 and stuck with weird problem: 0(25026) ERROR: auth_db [authdb_mod.c:236]: empty parameter 1 not allowed 0(25026) ERROR:core [route.c:1161]: fixing failed (code=-1) at