[OpenSIPS-Users] Ghost calls 1001

Schneur Rosenberg rosenberg11219 at gmail.com
Fri Apr 21 02:15:36 EDT 2017


In addition to iptables/fail2ban you should inspect the useragent that the
packets come from, most of them will come from sip vicious or friendly
scanner etc, you can block them with iptables and/or with drop() in
opensips, this will stop the scanner right away because he won't get any
replies so he will just move on.

On Apr 21, 2017 8:11 AM, "Uzair Hassan" <uzairhassan at shaw.ca> wrote:

> Is there a way to change opensips port ? Whenever I try it doesn't even
> start.
>
> On April 20, 2017 9:09:55 PM "Alexander Jankowsky" <
> E75A4669 at exemail.com.au> wrote:
>
>>
>>
>> You might need to do a Wireshark trace and find out if the calls
>> originate externally into the system.
>>
>> If you are in an open DMZ with the router, that could be just the start
>> of your problems.
>>
>> I had Opensips 2.3.0-beta in the open on DMZ with the router for only a
>> few hours and
>>
>> I then had a couple of dozen automated break in attempts trying to access
>> the system.
>>
>> You need to pay a lot of attention to the system logs otherwise you may
>> not even notice.
>>
>> Go over your router very carefully and restrict everything you do not
>> need exposed.
>>
>> Port 5060 is a very popular target with automated robots, use another
>> port if your able to.
>>
>>
>>
>> Alex
>>
>>
>>
>>
>>
>> *From:* Users [mailto:users-bounces at lists.opensips.org] *On Behalf Of *Uzair
>> Hassan
>> *Sent:* Friday, 21 April 2017 6:16 AM
>> *To:* users at lists.opensips.org
>> *Subject:* [OpenSIPS-Users] Ghost calls 1001
>>
>>
>>
>> Hello all,
>>
>>
>>
>> I have setup a opensips 2.3 on a new server and I'm getting ghost calls
>> into my system. How do I stop these ghost call? The opensips server is
>> brand new. the install is clean and nothing has been touched after the
>> initial simple residential script setup. What can I do to defend myself
>> from these ghost calls.
>>
>> Thank you so much.
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170421/3202b9e8/attachment.html>


More information about the Users mailing list