[OpenSIPS-Users] attack from friendly-scanner
Engineer voip
forvoip4 at gmail.com
Mon Oct 8 14:53:54 CEST 2012
Hi,
I'm trying to use pike module and i'm using the script above, but when i
execute this command " opensipsctl fifo pike_list"
i don't get any address blocked
My opensips config is:
loadmodule "pike.so"
modparam("pike", "sampling_time_unit", 10)
modparam("pike", "reqs_density_per_unit", 30)
modparam("pike", "remove_latency", 120)
modparam("pike", "check_route","pike") # enable automatic checking
modparam("pike", "pike_log_level",1)
route[pike]
{
if (src_ip==x.x.x.x ||src_ip==gw_ip) # Trusted IP
xlog("L_INFO", "in pike route ");
drop();
}
have you an idea please toresolve that?
2012/10/8 SamyGo <govoiper at gmail.com>
> Hi,
> Relax it says its Friendly !!
>
> But still if you want to block it you've many options i.e in opensips.cfg
> start put a condition $ua =~ "friendly-scanner". If matched return
> stateless some error.
> Other option is to use pike module.
> Another option is use fail2ban for opensips logs.
> More sophisticated options involve firewalls with IPS and IDS modules.
>
> I hope it was helpful.
>
> BR
> Sammy
> On Oct 8, 2012 2:33 PM, "Engineer voip" <forvoip4 at gmail.com> wrote:
>
>> Hi All,
>> I receveid several packets of registration from a "friendly-scanner"
>> on my opensips server
>> how can i do to block that please??
>>
>> --
>>
>> Best Regards.
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
--
Best Regards.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20121008/17653880/attachment-0001.htm>
More information about the Users
mailing list