[OpenSIPS-Users] How to protect OpenSIPS from undesidered requests (DoS attack?)
Nick Altmann
nick.altmann at gmail.com
Wed Mar 6 11:08:48 CET 2013
if ($ua =~ "friendly-scanner") {
xlog("L_ERR", "Attack attempt - Request dropped");
drop();
}
--
Nick
2013/3/6 leo <uzcudunl at yahoo.it>
> Hello:
>
> I'm receiving on my OpenSIPS server a lot of register request. I believe
> that is someone trying to attack the sip service because the source IP is
> not one that i know. Here is the request:
>
> 10:03:54.191249 00:08:e3:20:fb:b6 > 00:0c:29:fc:95:e1, ethertype IPv4
> (0x0800), length 384: (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto
> UDP (17), length 370)
> 199.217.115.214.5981 > X.X.X.X.5060: [udp sum ok] SIP, length: 342
> REGISTER sip:X.X.X.X SIP/2.0
> Via: SIP/2.0/UDP 199.217.115.214:5981
> ;branch=z9hG4bK-2684304106;rport
> Content-Length: 0
> From: "5988" <sip:5988 at X.X.X.X>
> Accept: application/sdp
> User-Agent: friendly-scanner
> To: "5988" <sip:5988 at X.X.X.X>
> Contact: sip:123 at 1.1.1.1
> CSeq: 1 REGISTER
> Call-ID: 3943182463
> Max-Forwards: 70
>
> How could i prevent this kind of requests?
> Thanks a lot.
>
> Leo.
>
>
>
> --
> View this message in context:
> http://opensips-open-sip-server.1449251.n2.nabble.com/How-to-protect-OpenSIPS-from-undesidered-requests-DoS-attack-tp7585091.html
> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20130306/6f261466/attachment.htm>
More information about the Users
mailing list