Thanks for reply, It's OK. The best solution. Best regards
On 11/3/10, Flavio Goncalves <[email protected]> wrote: > Hi, > > Register attacks are now an epidemy. In most cases they are using the > friendly-scanner (svcrack.py) from sipvicious.org. One easy way to > block is to check the user agent for the words "friendly-scanner"and > drop the packets (an attacker could easily change the user agent, but > most of them are just script kiddies). There is a good tutorial in the > opensips website on how to use fail2ban to block the IP address of the > offenders (I think this is the best long term solution). > > http://www.opensips.org/Resources/DocsTutFail2ban (posted in sept/2010 > by the user named aseques) > > In some cases, when the attacker uses an old version of svcrack.py it > floods your server. I have received four gigs of traffic in a single > day from just one source. There is a small utility from sipvicious.org > called svcrash.py capable to crash the attacker sending a malformed > packet. > > I hope it helps, it has been a pain to handle these attacks everyday. > In a normal day we are receiving from 4 to 8 attacks from different > sources. > > Best regards, > > -------------------------------------------------- > Flavio E. Goncalves > CEO - V.Office > Fone: +554830258590/+554884085000 > OpenSIPS Bootcamp (Frankfurt Sep 20-24) > > > > > 2010/11/2 Hung Nguyen <[email protected]>: >> Hi every body! >> >> I have a problem with attacker as following: >> >> >> attack registrar >> >> register -------------> >> register -------------> >> ... >> register -------------> >> >> >> Attacker send 200 registers/second so registrar server is error. This >> is configuration for register method: >> >> route[2] { >> >> # ---------------------------------------------------------- >> # REGISTER Message Handler >> # ---------------------------------------------------------- >> >> if (!search("^Contact:[ ]*\*") && nat_uac_test("7")) { >> setflag(6); >> fix_nated_register(); >> fix_nated_contact(); >> force_rport(); >> }; >> >> if (!radius_www_authorize("abc.com")) { >> www_challenge("abc.com", "0"); >> exit; >> }; >> consume_credentials(); >> >> if (!save("location")) { >> sl_reply_error(); >> }; >> } >> >> Please help me, >> >> Thanks. >> >> Hung >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
