thank you, i added this to my opensips.cfg file and it started successfully. Lets see if it works.
From: "Nabeel" <[email protected]> To: "users" <[email protected]> Sent: Friday, April 21, 2017 2:23:52 AM Subject: Re: [OpenSIPS-Users] Ghost calls 1001 In case the call is attempted via your server, you can add the following to opensips.cfg to block sip scanners: if($ua=~"friendly-scanner") { xlog("L_ERROR", "Auth error for $fU@$fd from $si method $rm user-agent (friendly-scanner)\n"); drop(); exit; } if($ua=~"sipvicious") { xlog("L_ERROR", "Auth error for $fU@$fd from $si method $rm user-agent (friendly-scanner)\n"); drop(); exit; } On 21 Apr 2017 8:12 a.m., "Uzair Hassan" < [email protected] > wrote: Is there any documentation I could read to understand the process you just described? On April 20, 2017 11:15:54 PM Schneur Rosenberg < [email protected] > wrote: BQ_BEGIN In addition to iptables/fail2ban you should inspect the useragent that the packets come from, most of them will come from sip vicious or friendly scanner etc, you can block them with iptables and/or with drop() in opensips, this will stop the scanner right away because he won't get any replies so he will just move on. On Apr 21, 2017 8:11 AM, "Uzair Hassan" < [email protected] > wrote: BQ_BEGIN Is there a way to change opensips port ? Whenever I try it doesn't even start. On April 20, 2017 9:09:55 PM "Alexander Jankowsky" < [email protected] > wrote: BQ_BEGIN You might need to do a Wireshark trace and find out if the calls originate externally into the system. If you are in an open DMZ with the router, that could be just the start of your problems. I had Opensips 2.3.0-beta in the open on DMZ with the router for only a few hours and I then had a couple of dozen automated break in attempts trying to access the system. You need to pay a lot of attention to the system logs otherwise you may not even notice. Go over your router very carefully and restrict everything you do not need exposed. Port 5060 is a very popular target with automated robots, use another port if your able to. Alex From: Users [mailto: [email protected] ] On Behalf Of Uzair Hassan Sent: Friday, 21 April 2017 6:16 AM To: [email protected] Subject: [OpenSIPS-Users] Ghost calls 1001 Hello all, I have setup a opensips 2.3 on a new server and I'm getting ghost calls into my system. How do I stop these ghost call? The opensips server is brand new. the install is clean and nothing has been touched after the initial simple residential script setup. What can I do to defend myself from these ghost calls. Thank you so much. _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users BQ_END _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users BQ_END _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users BQ_END _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
