I have placed the code below right underneath the route portion in the kamailio.cfg file restarted kamailio and I am still being attacked.
####### Routing Logic ######## # main request routing logic route{ if ($ua=="friendly-scanner") { sl_send_reply("200","OK"); exit; } On Nov 26, 2013, at 5:29 PM, Daniel Grotti <dgro...@sipwise.com> wrote: > Hi, > you can check the User-Agent reference $ua, if it is equal to > "friendly-scanner", just send back a reply with sl_send_reply("200", "OK") > > Daniel > > > > On 11/26/2013 10:53 PM, Joli Martinez wrote: >> How can I do this? Is there an article I can reference or something? I am >> new to kamailio and not sure how to do this. >> >> Thanks, >> >> On Nov 26, 2013, at 4:41 PM, Ovidiu Sas <o...@voipembedded.com> wrote: >> >>> Google around for "friendly-scanner" to learn more about it. >>> In the mean time, allow the packets to be handled by kamailio and send >>> a 200ok back - maybe this will stop the attack. >>> After the attack is stopped, simply drop all "friendly-scanner" SIP >>> requests :) >>> >>> Regards, >>> Ovidiu Sas >>> >>> On Tue, Nov 26, 2013 at 4:32 PM, Joli Martinez <mrjoli...@gmail.com> wrote: >>>> it is comming from "friendly-scanner" The other issue I have is that >>>> "/var/log/secure" is not getting the sip requests so the only way I >>>> realize it is happeing is from tcpdump. If the secure file is not picking >>>> it up then iptables wont know about it. How can I tell iptables to listen >>>> for sip requests? I have already added the IP to the blocked IP's but he >>>> still keeps on comming. >>>> >>>> Thanks, >>>> >>>> On Nov 26, 2013, at 4:28 PM, Ovidiu Sas <o...@voipembedded.com> wrote: >>>> >>>>> Most likely it's a bogus script. >>>>> Sometimes just sending a dummy reply, will stop the script sending SIP >>>>> requests. >>>>> Check the User-Agent header and from username to see if you can >>>>> identify the script and google around for it. >>>>> >>>>> Regards, >>>>> Ovidiu Sas >>>>> >>>>> On Tue, Nov 26, 2013 at 4:17 PM, Joli Martinez <mrjoli...@gmail.com> >>>>> wrote: >>>>>> I am running Kamailio in CentOS. I ran tcpdump and noticed that we are >>>>>> getting attacked from IP 188.138.32.72. I have already blocked it on >>>>>> IPtables, but he keeps on attacking the server. If I look at >>>>>> "/var/log/secure" there are no SIP messages. My question is where is >>>>>> the log file for Kamailio and how can I prevent this type of attacks in >>>>>> the future. >>>>>> >>>>>> Thanks, >>>>>> _______________________________________________ >>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >>>>>> sr-users@lists.sip-router.org >>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>>> >>>>> >>>>> -- >>>>> VoIP Embedded, Inc. >>>>> http://www.voipembedded.com >>>>> >>>>> _______________________________________________ >>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >>>>> sr-users@lists.sip-router.org >>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >>>> >>>> >>>> _______________________________________________ >>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >>>> sr-users@lists.sip-router.org >>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >>> >>> >>> >>> -- >>> VoIP Embedded, Inc. >>> http://www.voipembedded.com >>> >>> _______________________________________________ >>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >>> sr-users@lists.sip-router.org >>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >> >> >> _______________________________________________ >> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list >> sr-users@lists.sip-router.org >> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >> > > _______________________________________________ > SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list > sr-users@lists.sip-router.org > http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users