[OpenSIPS-Users] How block Register attack
Jan D.
j-doedel at zonnet.nl
Mon Jan 16 20:00:41 CET 2012
Hi,
It's better to drop the connection without sending any packet back. Due to a
bug in Friendly-Scanner it sometimes keeps trying to register with the same
username again and again, in a bad case resulting in a lot of datatraffic to
opensips.
I use this rule in default route:
if($ua=~"friendly-scanner")
{
xlog("L_ERROR","Auth error for $fU@$fd from $si cause -1 REGISTER username
(friendly-scanner)");
drop();
}
Also log other failures (username or password) and use fail2ban to drop the
ip entirly with iptables.
Jan.
--
View this message in context: http://opensips-open-sip-server.1449251.n2.nabble.com/How-block-Register-attack-tp7191470p7193697.html
Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
More information about the Users
mailing list