Hi all,
Also, aside checking the callrate (with ratelimit) or the UA (from
script), you should also consider using the pike module for detecting
DOS attackes based on floods.
http://www.opensips.org/html/docs/modules/1.7.x/pike.html
Regards,
Bogdan
On 01/16/2012 07:35 AM, [email protected] wrote:
Hello
I use ngrep watch the proto.
U 2012/01/16 13:34:42.782438 173.0.60.180:5078 -> 10.10.12.70:5060
REGISTER sip:10.10.12.70 SIP/2.0.
Via: SIP/2.0/UDP 173.0.60.180:5078;branch=z9hG4bK-3900389486;rport.
Content-Length: 0.
From: "108"<sip:[email protected]>.
Accept: application/sdp.
User-Agent: friendly-scanner.
To: "108"<sip:[email protected]>.
Contact: sip:[email protected].
CSeq: 1 REGISTER.
Call-ID: 1312362532.
Max-Forwards: 70.
.
#
U 2012/01/16 13:34:42.782913 173.0.60.180:5078 -> 10.10.12.70:5060
REGISTER sip:10.10.12.70 SIP/2.0.
Via: SIP/2.0/UDP 173.0.60.180:5078;branch=z9hG4bK-4136329935;rport.
Content-Length: 0.
From: "108"<sip:[email protected]>.
Accept: application/sdp.
User-Agent: friendly-scanner.
To: "108"<sip:[email protected]>.
Contact: sip:[email protected].
CSeq: 1 REGISTER.
Call-ID: 1936335613.
Max-Forwards: 70.
.
#
U 2012/01/16 13:34:42.783353 173.0.60.180:5078 -> 10.10.12.70:5060
REGISTER sip:10.10.12.70 SIP/2.0.
Via: SIP/2.0/UDP 173.0.60.180:5078;branch=z9hG4bK-2752077727;rport.
Content-Length: 0.
From: "108"<sip:[email protected]>.
Accept: application/sdp.
User-Agent: friendly-scanner.
To: "108"<sip:[email protected]>.
Contact: sip:[email protected].
CSeq: 1 REGISTER.
Call-ID: 3116948484.
Max-Forwards: 70.
.
How to block register attack?
Thanks for your support.
Nick
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
--
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
OpenSIPS solutions and "know-how"
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
