[OpenSIPS-Users] How block Register attack
Bogdan-Andrei Iancu
bogdan at opensips.org
Wed Jan 18 13:22:11 CET 2012
Hi all,
Also, aside from checking the callrate (with ratelimit) or the UA (from
script), you should also consider using the pike module for detecting
DOS attacks based on floods.
http://www.opensips.org/html/docs/modules/1.7.x/pike.html
Regards,
Bogdan
On 01/16/2012 07:35 AM, nick_chang at ezmobo.com wrote:
> Hello
>
> I use ngrep to watch the protocol.
> U 2012/01/16 13:34:42.782438 173.0.60.180:5078 -> 10.10.12.70:5060
> REGISTER sip:10.10.12.70 SIP/2.0.
> Via: SIP/2.0/UDP 173.0.60.180:5078;branch=z9hG4bK-3900389486;rport.
> Content-Length: 0.
> From: "108"<sip:108 at 10.10.12.70>.
> Accept: application/sdp.
> User-Agent: friendly-scanner.
> To: "108"<sip:108 at 10.10.12.70>.
> Contact: sip:123 at 1.1.1.1.
> CSeq: 1 REGISTER.
> Call-ID: 1312362532.
> Max-Forwards: 70.
> .
>
> #
> U 2012/01/16 13:34:42.782913 173.0.60.180:5078 -> 10.10.12.70:5060
> REGISTER sip:10.10.12.70 SIP/2.0.
> Via: SIP/2.0/UDP 173.0.60.180:5078;branch=z9hG4bK-4136329935;rport.
> Content-Length: 0.
> From: "108"<sip:108 at 10.10.12.70>.
> Accept: application/sdp.
> User-Agent: friendly-scanner.
> To: "108"<sip:108 at 10.10.12.70>.
> Contact: sip:123 at 1.1.1.1.
> CSeq: 1 REGISTER.
> Call-ID: 1936335613.
> Max-Forwards: 70.
> .
>
> #
> U 2012/01/16 13:34:42.783353 173.0.60.180:5078 -> 10.10.12.70:5060
> REGISTER sip:10.10.12.70 SIP/2.0.
> Via: SIP/2.0/UDP 173.0.60.180:5078;branch=z9hG4bK-2752077727;rport.
> Content-Length: 0.
> From: "108"<sip:108 at 10.10.12.70>.
> Accept: application/sdp.
> User-Agent: friendly-scanner.
> To: "108"<sip:108 at 10.10.12.70>.
> Contact: sip:123 at 1.1.1.1.
> CSeq: 1 REGISTER.
> Call-ID: 3116948484.
> Max-Forwards: 70.
> .
>
> How to block register attack?
>
> Thanks for your support.
> Nick
--
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
OpenSIPS solutions and "know-how"
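
An added example, not part of the original thread or of OpenSIPS: offline triage of an ngrep capture shaped like the one quoted above, flagging sources by the two signals the reply names (REGISTER rate per source IP and the User-Agent string). The window, the limit, the 203.0.113.7 and 198.51.100.20 addresses and the "ExamplePhone" agent are constructed assumptions, and the counting is a simple sliding window, not pike's own algorithm.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
# ngrep header line, e.g. "U 2012/01/16 13:34:42.782438 src:port -> dst:port"
HDR = re.compile(r"^U (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+) ([\d.]+):\d+ -> ")
SCANNER_UAS = ("friendly-scanner",)  # User-Agent seen in the capture above

def parse_ngrep(text):
    """Return one dict per captured SIP message: ts, src, method, ua."""
    pkts = []
    for raw in text.splitlines():
        line = raw.strip().rstrip(".")  # ngrep shows the CR of each CRLF as "."
        if m := HDR.match(line):
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            pkts.append({"ts": ts, "src": m.group(2), "method": None, "ua": ""})
        elif pkts and pkts[-1]["method"] is None and line:
            pkts[-1]["method"] = line.split(" ", 1)[0]  # start of the request line
        elif pkts and line.lower().startswith("user-agent:"):
            pkts[-1]["ua"] = line.split(":", 1)[1].strip()
    return pkts

def detect(pkts, window=timedelta(seconds=2), limit=3):
    """Map source IP -> reasons. window and limit are illustrative assumptions."""
    recent, flagged = defaultdict(deque), defaultdict(set)
    regs = sorted((p for p in pkts if p["method"] == "REGISTER"), key=lambda p: p["ts"])
    for p in regs:
        if any(s in p["ua"].lower() for s in SCANNER_UAS):
            flagged[p["src"]].add("scanner-ua")
        q = recent[p["src"]]
        q.append(p["ts"])
        while p["ts"] - q[0] > window:  # drop REGISTERs older than the window
            q.popleft()
        if len(q) >= limit:
            flagged[p["src"]].add("register-flood")
    return dict(flagged)

def _pkt(ts, src, ua):  # builds one constructed ngrep record
    return (f"U 2012/01/16 {ts} {src}:5078 -> 10.10.12.70:5060\n"
            f"REGISTER sip:10.10.12.70 SIP/2.0.\nUser-Agent: {ua}.\n.\n\n#\n")

# Constructed sample: one flooding scanner and one phone registering normally.
SAMPLE = "".join([
    _pkt("13:34:42.782438", "203.0.113.7", "friendly-scanner"),
    _pkt("13:34:42.782913", "203.0.113.7", "friendly-scanner"),
    _pkt("13:34:42.783353", "203.0.113.7", "friendly-scanner"),
    _pkt("13:34:43.100000", "198.51.100.20", "ExamplePhone 1.0"),
])

if __name__ == "__main__":
    print(detect(parse_ngrep(SAMPLE)))
```

Sources flagged this way are candidates for the pike, ratelimit or script-level User-Agent checks mentioned in the reply; tune the window and limit to the registration interval of your real phones before acting on the result.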