Hi,
Funny thing, I just used sipvicious and in less that 10 minutes I changed
the user-agent field from "friendly-scanner" to "Google-Chrome" .. Where is
our "friendly-scanner" condition now ?
So a 10,000 extensions scan All went directly to my DB and put everyone in
trouble, had there been a pike module to capture first 10-15/30 attempts it
could've saved us from getting the DB chocked.
Moreover, if I had an action trigger if(pike == true){avp_exec(my-blocker.sh
ip.of.hack.er);} to put the newly captured IP into the IPtables list as
well as push the IP address into a custom web-service to alert all the
neighbours of this new hacker IP everything could've been perfect.
You are welcome Mr. VoIP Engineer, I really hope this thread helped you a
little bit.
BR
Sammy
On Wed, Oct 10, 2012 at 12:29 PM, Engineer voip <forvo...@gmail.com> wrote:
> Hi,
> Thank you all for the reply.
>
> 2012/10/9 Adam Raszynski <netcentr...@gmail.com>
>
>> I use the following code on all my production OpenSIPS servers.
>> It's CPU friendly and avoids being spotted by bots searching for
>> open-relay VoIP servers.
>>
>> route{
>> # put it at the very beginning of route section
>> if($ua=~"friendly-scanner") {
>> xlog("L_ERROR", "Auth error for $fU@$fd from $si method $rm
>> user-agent (friendly-scanner)\n");
>> drop();
>> exit;
>> }
>> (...)
>>
>> Since I added that code problem with friendly scanner is over.
>>
>> _______________________________________________
>> Users mailing list
>> Users@lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>
> --
>
> Best Regards.
>
>
>
> _______________________________________________
> Users mailing list
> Users@lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
