Hello,

I see the message gets to the config file, hitting the sanity module. What you can do is use fail2ban for automatic interaction with iptables -- you can take inspiration from this tutorial:

  * http://kb.asipto.com/kamailio:usage:k31-sip-scanning-attack#fail2ban

You will just have a different condition, based on sanity and eventually some regexp to detect this specific case, to print the log message that is searched for by fail2ban.

Cheers,
Daniel


On 4/17/12 5:21 PM, Reda Aouad wrote:
Hi,

Do you have any client that is sending a corrupt request to the "AddPac SIP Gateway" at 190.22.140.170, so that this gateway is replying "400 bad request"? Maybe you could resolve this problem at the source.

If it's not the case, you can send an email to the owner of the IP address. A quick lookup on the IP address on www.network-tools.com gives you a hint on the owner.

Reda



On Tue, Apr 17, 2012 at 17:19, Vineet Menon <mvineetme...@gmail.com> wrote:

    IMHO preventing the packet from reaching kamailio is better (via
    iptables) than doing something in kamailio itself....

    Regards,

    Vineet Menon




    On 17 April 2012 20:32, Ricardo Martinez <rmarti...@redvoiss.net> wrote:

        Hello.

        I was wondering if someone could help me here.  From time to
        time I start to receive from the internet this SIP message:

        U 190.22.140.170:51316 -> 64.76.154.110:5060
        SIP/2.0 400 BadRequest.
        Via: .
        From: .
        To: .
        Call-ID: .
        CSeq: .
        User-Agent: AddPac SIP Gateway.
        Content-Length: 0.
        .

        At burst rate of 124 pps (packets per second), this message is
        entering to Kamailio routine and generating a lot of ERROR
        logs like these:

        Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
        Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
        Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
        Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
        Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
        Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
        Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: ERROR: <core> [msg_translator.c:1943]: ERROR: build_res_buf_from_sip_req: alas, parse_headers failed
        Apr  1 03:32:19 kmborde /usr/local/sbin/kamailio[2311]: WARNING: sanity [sanity.c:254]: sanity_check(): check_required_headers(): failed to send 400 via sl reply
        Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
        Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
        Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
        Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
        Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
        Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
        Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: ERROR: <core> [msg_translator.c:1943]: ERROR: build_res_buf_from_sip_req: alas, parse_headers failed
        Apr  1 03:32:20 kmborde /usr/local/sbin/kamailio[2301]: WARNING: sanity [sanity.c:254]: sanity_check(): check_required_headers(): failed to send 400 via sl reply
        Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
        Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
        Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
        Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
        Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: ERROR: <core> [parser/msg_parser.c:179]: ERROR: get_hdr_field: bad to header
        Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: INFO: <core> [parser/msg_parser.c:353]: ERROR: bad header field [To: <sip:Register=>5]
        Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: ERROR: <core> [msg_translator.c:1943]: ERROR: build_res_buf_from_sip_req: alas, parse_headers failed
        Apr  1 03:32:23 kmborde /usr/local/sbin/kamailio[2320]: WARNING: sanity [sanity.c:254]: sanity_check(): check_required_headers(): failed to send 400 via sl reply

        The only way that I have now for blocking this packet to hit
        the Kamailio server is via iptables :

        iptables -A INPUT -s 190.22.140.170 -p udp --dport 5060 --jump REJECT

        Is there a better way to do this?!

        Thanks in advance,

        Ricardo Martinez.-


        _______________________________________________
        SIP Express Router (SER) and Kamailio (OpenSER) - sr-users
        mailing list
        sr-users@lists.sip-router.org
        <mailto:sr-users@lists.sip-router.org>
        http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users




--
Daniel-Constantin Mierla
Kamailio Advanced Training, April 23-26, 2012, Berlin, Germany
http://www.asipto.com/index.php/kamailio-advanced-training/
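
The approach suggested in the reply at the top of this thread, sketched as an added example (not code from the thread or from the linked tutorial): it emulates a fail2ban-style filter over constructed syslog lines and flags a source IP only when a script-generated sanity-failure line repeats within a time window. The `SANITY-FAIL` marker, the `xlog` hook in the comment, the thresholds and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed kamailio.cfg hook (hypothetical marker text, not from the thread):
#   if (!sanity_check()) { xlog("L_ALERT", "SANITY-FAIL src=$si:$sp\n"); exit; }
# The stock parser errors quoted in the thread carry no source address, so
# only a line like this gives a log watcher an IP to act on.
# Anchored at both ends: parser lines echo header bytes chosen by the sender,
# and those must never satisfy the pattern. In a fail2ban filter the "host"
# group would be written as <HOST>.
FAILREGEX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+\[\d+\]: "
    r"(?:[A-Z]+: )?(?:<script>: )?"
    r"SANITY-FAIL src=(?P<host>\d{1,3}(?:\.\d{1,3}){3}):\d+\s*$"
)
YEAR = 2012  # syslog timestamps omit the year; assumed from the thread date


def hosts_to_ban(lines, maxretry=5, findtime=timedelta(seconds=10)):
    """Return source IPs with at least maxretry matches inside findtime."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["host"]]
        hits.append(ts)
        while ts - hits[0] > findtime:  # drop hits older than the window
            hits.popleft()
        if len(hits) >= maxretry and m["host"] not in banned:
            banned.append(m["host"])
    return banned


# Constructed sample lines in the syslog layout shown in the thread.
PREFIX = "Apr  1 03:32:%02d kmborde /usr/local/sbin/kamailio[2311]: "
SAMPLE = (
    [PREFIX % 19 + "ALERT: <script>: SANITY-FAIL src=190.22.140.170:51316"] * 6
    + [PREFIX % 19 + "ERROR: <core> [parser/msg_parser.c:179]: ERROR: "
       "get_hdr_field: bad to header"]
    + [PREFIX % 20 + "INFO: <core> [parser/msg_parser.c:353]: ERROR: bad "
       "header field [To: SANITY-FAIL src=192.0.2.7:5060]"] * 6
    + [PREFIX % 21 + "ALERT: <script>: SANITY-FAIL src=198.51.100.9:5060"]
)

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE))
```

The level prefix that `xlog` writes before the message can differ between Kamailio versions, so check the pattern against a real line from your own syslog before enabling a ban action.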
