I have placed the code below right underneath the route portion in the 
kamailio.cfg file restarted kamailio and I am still being attacked.

####### Routing Logic ########


# main request routing logic

route{

        if ($ua=="friendly-scanner") {
                sl_send_reply("200","OK"); 
                exit;
        }

On Nov 26, 2013, at 5:29 PM, Daniel Grotti <dgro...@sipwise.com> wrote:

> Hi,
> you can check the User-Agent reference $ua, if it is equal to
> "friendly-scanner", just send back a reply with sl_send_reply("200", "OK")
> 
> Daniel
> 
> 
> 
> On 11/26/2013 10:53 PM, Joli Martinez wrote:
>> How can I do this?  Is there an article I can reference or something?  I am 
>> new to kamailio and not sure how to do this.
>> 
>> Thanks,
>> 
>> On Nov 26, 2013, at 4:41 PM, Ovidiu Sas <o...@voipembedded.com> wrote:
>> 
>>> Google around for "friendly-scanner" to learn more about it.
>>> In the mean time, allow the packets to be handled by kamailio and send
>>> a 200ok back - maybe this will stop the attack.
>>> After the attack is stopped, simply drop all "friendly-scanner" SIP 
>>> requests :)
>>> 
>>> Regards,
>>> Ovidiu Sas
>>> 
>>> On Tue, Nov 26, 2013 at 4:32 PM, Joli Martinez <mrjoli...@gmail.com> wrote:
>>>> it is comming from "friendly-scanner" The other issue I have is that 
>>>> "/var/log/secure" is not getting the sip requests so the only way I 
>>>> realize it is happeing is from tcpdump.  If the secure file is not picking 
>>>> it up then iptables wont know about it.  How can I tell iptables to listen 
>>>> for sip requests?  I have already added the IP to the blocked IP's but he 
>>>> still keeps on comming.
>>>> 
>>>> Thanks,
>>>> 
>>>> On Nov 26, 2013, at 4:28 PM, Ovidiu Sas <o...@voipembedded.com> wrote:
>>>> 
>>>>> Most likely it's a bogus script.
>>>>> Sometimes just sending a dummy reply, will stop the script sending SIP 
>>>>> requests.
>>>>> Check the User-Agent header and from username to see if you can
>>>>> identify the script and google around for it.
>>>>> 
>>>>> Regards,
>>>>> Ovidiu Sas
>>>>> 
>>>>> On Tue, Nov 26, 2013 at 4:17 PM, Joli Martinez <mrjoli...@gmail.com> 
>>>>> wrote:
>>>>>> I am running Kamailio in CentOS.  I ran tcpdump and noticed that we are 
>>>>>> getting attacked from IP 188.138.32.72.  I have already blocked it on 
>>>>>> IPtables, but he keeps on attacking the server.  If I look at 
>>>>>> "/var/log/secure" there are no SIP messages.  My question is where is 
>>>>>> the log file for Kamailio and how can I prevent this type of attacks in 
>>>>>> the future.
>>>>>> 
>>>>>> Thanks,
>>>>>> _______________________________________________
>>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>>>> sr-users@lists.sip-router.org
>>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>>> 
>>>>> 
>>>>> 
>>>>> --
>>>>> VoIP Embedded, Inc.
>>>>> http://www.voipembedded.com
>>>>> 
>>>>> _______________________________________________
>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>>> sr-users@lists.sip-router.org
>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>>> 
>>>> 
>>>> _______________________________________________
>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>> sr-users@lists.sip-router.org
>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>>> 
>>> 
>>> 
>>> -- 
>>> VoIP Embedded, Inc.
>>> http://www.voipembedded.com
>>> 
>>> _______________________________________________
>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>> sr-users@lists.sip-router.org
>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>> 
>> 
>> _______________________________________________
>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>> sr-users@lists.sip-router.org
>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>> 
> 
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users@lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to