Sending a 200 OK will notify the hacker that a SIP server exists on the IP/port; simply ignoring the request is best.

On Apr 21, 2017 12:20 PM, "johan de clercq" <[email protected]> wrote:

> Another approach is sending 200 OK and then exit().
>
> *From:* Users [mailto:[email protected]] *On Behalf Of* Schneur Rosenberg
> *Sent:* Friday, April 21, 2017 11:00 AM
> *To:* OpenSIPS users mailling list <[email protected]>
> *Subject:* Re: [OpenSIPS-Users] Ghost calls 1001
>
> User agent variable is stored in $ua; do an if and drop()
>
> Regarding iptables, do something like this:
>
> https://community.freepbx.org/t/stop-sipvicious-friendly-scanner/28580
>
> On Apr 21, 2017 10:12 AM, "Uzair Hassan" <[email protected]> wrote:
>
> Is there any documentation I could read to understand the process you just described?
>
> On April 20, 2017 11:15:54 PM Schneur Rosenberg <[email protected]> wrote:
>
> In addition to iptables/fail2ban you should inspect the user agent that the packets come from. Most of them will come from sip vicious or friendly scanner etc. You can block them with iptables and/or with drop() in opensips; this will stop the scanner right away because he won't get any replies, so he will just move on.
>
> On Apr 21, 2017 8:11 AM, "Uzair Hassan" <[email protected]> wrote:
>
> Is there a way to change opensips port? Whenever I try it doesn't even start.
>
> On April 20, 2017 9:09:55 PM "Alexander Jankowsky" <[email protected]> wrote:
>
> You might need to do a Wireshark trace and find out if the calls originate externally into the system.
>
> If you are in an open DMZ with the router, that could be just the start of your problems.
>
> I had Opensips 2.3.0-beta in the open on DMZ with the router for only a few hours and I then had a couple of dozen automated break-in attempts trying to access the system.
>
> You need to pay a lot of attention to the system logs, otherwise you may not even notice.
>
> Go over your router very carefully and restrict everything you do not need exposed.
>
> Port 5060 is a very popular target with automated robots; use another port if you're able to.
>
> Alex
>
> *From:* Users [mailto:[email protected]] *On Behalf Of* Uzair Hassan
> *Sent:* Friday, 21 April 2017 6:16 AM
> *To:* [email protected]
> *Subject:* [OpenSIPS-Users] Ghost calls 1001
>
> Hello all,
>
> I have set up an opensips 2.3 on a new server and I'm getting ghost calls into my system. How do I stop these ghost calls? The opensips server is brand new. The install is clean and nothing has been touched after the initial simple residential script setup. What can I do to defend myself from these ghost calls?
>
> Thank you so much.

_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
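
The `$ua` check with `drop()` described in the quoted replies, written out as an added example (not part of the thread and not the OpenSIPS project's shipped script). The User-Agent substrings are an assumption based on the scanner names mentioned above, and the placement at the top of the main request route is assumed so that no reply is sent before the check runs.

```opensips
# Added example: fragment for opensips.cfg, placed at the very top of the
# main request route so it runs before any stateless reply, authentication
# challenge or relay logic.
route {
    # Assumed User-Agent substrings for the scanners named in the thread;
    # adjust them to what your own logs or Wireshark trace actually show.
    if ($ua =~ "friendly-scanner|sipvicious") {
        # Record method, source IP and port so that iptables/fail2ban
        # can act on the same source at the packet level.
        xlog("L_NOTICE", "scanner drop: $rm from $si:$sp ua=$ua\n");

        # Stop script processing here. No reply has been generated,
        # so the sender receives no SIP answer for this request.
        drop();
    }

    # ... the rest of the existing route logic continues here ...
}
```

Since the User-Agent header is set by the sender, this check only filters tools that announce themselves; the iptables/fail2ban measures mentioned in the thread still apply to everything else.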
