Hi ! you might want to check this APIBAN - Block Bad SIP Traffic <https://apiban.org/>
Fred Posner is the one to blame for this fantastic tool :) Atenciosamente / Kind Regards / Cordialement / Un saludo, *Sérgio Charrua* On Thu, Oct 24, 2024 at 3:49 AM mayamatakeshi via sr-users < [email protected]> wrote: > Hi, > I was going through some old company tickets that I am assigned to and > found a case when possibly an attacker flooded our kamailio server with > invalid sip messages like this: > > 2019-04-27T20:14:05.533554+09:00 IPX051 > /usr/local/src/git/sip-router/kamailio[1732]: ERROR: <core> > [parser/msg_parser.c:714]: ERROR: parse_msg: > message=<[F#016sD#026Z<8D>97<F8><B5>;<A9><E7>-<D2>(<E2><F6> > > v;/#021k\<CC>8<B1>λ<F4>#004M<B6><BE><EC>#035#003<94><E1>=<A0><FF><E3><AF>Kwzr<8B>A#036B<D7>#027#023cu<82>Y<D4>#037<FB><AC>S_<C4>Qg<AB><DE>F<88>I#006<8C><FA><F4>~#y3G<C7>H<80>b<BC><AD>#035<89>#002<DB><C8>#001U<9E>#007<CB><F9>nT<E5><EE><8E><F1>#0144> > > At that time we manually banned the IP. > But it would be helpful to have this done automatically by fail2ban. > So I was thinking this log should include the src IP address. > I looked at the latest kamailio commit and core/parser/msg_parser.c does > this log the same way so I was thinking in opening an issue for this. > But maybe this should be dealt with differently. > Any ideas? > > > > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > To unsubscribe send an email to [email protected] > Important: keep the mailing list in the recipients, do not reply only to > the sender! > Edit mailing list options or unsubscribe: >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
