User agent variable is stored in $ua do a if and drop() Regarding iptables do something like this
https://community.freepbx.org/t/stop-sipvicious-friendly-scanner/28580 On Apr 21, 2017 10:12 AM, "Uzair Hassan" <[email protected]> wrote: > Is there any documentation I could read to understand the process you just > described? > > On April 20, 2017 11:15:54 PM Schneur Rosenberg <[email protected]> > wrote: > >> In addition to iptables/fail2ban you should inspect the useragent that >> the packets come from, most of them will come from sip vicious or friendly >> scanner etc, you can block them with iptables and/or with drop() in >> opensips, this will stop the scanner right away because he won't get any >> replies so he will just move on. >> >> On Apr 21, 2017 8:11 AM, "Uzair Hassan" <[email protected]> wrote: >> >>> Is there a way to change opensips port ? Whenever I try it doesn't even >>> start. >>> >>> On April 20, 2017 9:09:55 PM "Alexander Jankowsky" < >>> [email protected]> wrote: >>> >>>> >>>> >>>> You might need to do a Wireshark trace and find out if the calls >>>> originate externally into the system. >>>> >>>> If you are in an open DMZ with the router, that could be just the start >>>> of your problems. >>>> >>>> I had Opensips 2.3.0-beta in the open on DMZ with the router for only a >>>> few hours and >>>> >>>> I then had a couple of dozen automated break in attempts trying to >>>> access the system. >>>> >>>> You need to pay a lot of attention to the system logs otherwise you may >>>> not even notice. >>>> >>>> Go over your router very carefully and restrict everything you do not >>>> need exposed. >>>> >>>> Port 5060 is a very popular target with automated robots, use another >>>> port if your able to. >>>> >>>> >>>> >>>> Alex >>>> >>>> >>>> >>>> >>>> >>>> *From:* Users [mailto:[email protected]] *On Behalf Of >>>> *Uzair >>>> Hassan >>>> *Sent:* Friday, 21 April 2017 6:16 AM >>>> *To:* [email protected] >>>> *Subject:* [OpenSIPS-Users] Ghost calls 1001 >>>> >>>> >>>> >>>> Hello all, >>>> >>>> >>>> >>>> I have setup a opensips 2.3 on a new server and I'm getting ghost calls >>>> into my system. How do I stop these ghost call? The opensips server is >>>> brand new. the install is clean and nothing has been touched after the >>>> initial simple residential script setup. What can I do to defend myself >>>> from these ghost calls. >>>> >>>> Thank you so much. >>>> >>>> >>>> _______________________________________________ >>>> Users mailing list >>>> [email protected] >>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>>> >>> >>> _______________________________________________ >>> Users mailing list >>> [email protected] >>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >>> >>> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users >> > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opensips.org/cgi-bin/mailman/listinfo/users > >
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
