[OpenSIPS-Users] Ghost calls 1001

Uzair Hassan uzairhassan at shaw.ca
Thu Apr 20 21:33:54 EDT 2017


Thank you all for your reply's I will learn how to implement fail2ban integration in a VM environment and then commit it to the production server. 


From: "David Villasmil" <david.villasmil.work at gmail.com> 
To: "users" <users at lists.opensips.org> 
Sent: Thursday, April 20, 2017 3:50:07 PM 
Subject: Re: [OpenSIPS-Users] Ghost calls 1001 

I've always seen the invite, then my "auth required" and then they usually never answer, but the keep trying invites with other destination numbers. That's why you need to setup your fail2ban 
On Thu, Apr 20, 2017 at 11:42 PM Nabeel < nabeelshikder at gmail.com > wrote: 



In a ghost call, there is no RTP -- only the INVITE. If you answer a ghost call, there will be no response. Usually, an IP scanner named 'SipVicious' directly sends the INVITE to your client, so your server may not come into play at all. 

On 20 Apr 2017 10:32 p.m., "Mundkowsky, Robert" < rmundkowsky at ets.org > wrote: 

BQ_BEGIN



Do you mean a client is using SIP/RTP to make a call direct to backend servers and bypassing the opensips proxy? Or somehow just using RTP without SIP to bypass the opensips proxy? 





Robert 



From: Users [mailto: users-bounces at lists.opensips.org ] On Behalf Of Nabeel 
Sent: Thursday, April 20, 2017 5:17 PM 
To: OpenSIPS users mailling list < users at lists.opensips.org > 
Subject: Re: [OpenSIPS-Users] Ghost calls 1001 




My understanding of ghost calls is that they go directly via the client through a loophole in the IP range rather than through the SIP server itself. In this case, server-based solutions don't seem likely to work? 





On 20 Apr 2017 10:08 p.m., "Mundkowsky, Robert" < rmundkowsky at ets.org > wrote: 
BQ_BEGIN



User authentication at SIP level as well. 



Robert 



From: Users [mailto: users-bounces at lists.opensips.org ] On Behalf Of Aqs Younas 
Sent: Thursday, April 20, 2017 4:55 PM 
To: OpenSIPS users mailling list < users at lists.opensips.org > 
Subject: Re: [OpenSIPS-Users] Ghost calls 1001 




iptables, fail2ban and ip authentication if your users have static ips. 





On 21 April 2017 at 01:46, Uzair Hassan < uzairhassan at shaw.ca > wrote: 
BQ_BEGIN



Hello all, 





I have setup a opensips 2.3 on a new server and I'm getting ghost calls into my system. How do I stop these ghost call? The opensips server is brand new. the install is clean and nothing has been touched after the initial simple residential script setup. What can I do to defend myself from these ghost calls. 

Thank you so much. 






_______________________________________________ 
Users mailing list 
Users at lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 











This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited. 



Thank you for your compliance. 




_______________________________________________ 
Users mailing list 
Users at lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 
BQ_END





This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited. 


Thank you for your compliance. 

_______________________________________________ 
Users mailing list 
Users at lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 


BQ_END

_______________________________________________ 
Users mailing list 
Users at lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 

BQ_END


_______________________________________________ 
Users mailing list 
Users at lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170420/3719fd61/attachment.html>


More information about the Users mailing list