[OpenSIPS-Users] Ghost calls 1001

johan de clercq johan at democon.be
Fri Apr 21 05:16:05 EDT 2017


Another approach is sending 200 ok and then exit(). 

 

From: Users [mailto:users-bounces at lists.opensips.org] On Behalf Of Schneur Rosenberg
Sent: Friday, April 21, 2017 11:00 AM
To: OpenSIPS users mailling list <users at lists.opensips.org>
Subject: Re: [OpenSIPS-Users] Ghost calls 1001

 

User agent variable is stored in $ua do a if and drop()

 

Regarding iptables do something like this 

 

 

https://community.freepbx.org/t/stop-sipvicious-friendly-scanner/28580

 

 

On Apr 21, 2017 10:12 AM, "Uzair Hassan" <uzairhassan at shaw.ca <mailto:uzairhassan at shaw.ca> > wrote:

Is there any documentation I could read to understand the process you just described? 

On April 20, 2017 11:15:54 PM Schneur Rosenberg <rosenberg11219 at gmail.com <mailto:rosenberg11219 at gmail.com> > wrote:

In addition to iptables/fail2ban you should inspect the useragent that the packets come from, most of them will come from sip vicious or friendly scanner etc, you can block them with iptables and/or with drop() in opensips, this will stop the scanner right away because he won't get any replies so he will just move on. 

 

On Apr 21, 2017 8:11 AM, "Uzair Hassan" <uzairhassan at shaw.ca <mailto:uzairhassan at shaw.ca> > wrote:

Is there a way to change opensips port ? Whenever I try it doesn't even start. 

On April 20, 2017 9:09:55 PM "Alexander Jankowsky" <E75A4669 at exemail.com.au <mailto:E75A4669 at exemail.com.au> > wrote:

 

You might need to do a Wireshark trace and find out if the calls originate externally into the system.

If you are in an open DMZ with the router, that could be just the start of your problems.

I had Opensips 2.3.0-beta in the open on DMZ with the router for only a few hours and

I then had a couple of dozen automated break in attempts trying to access the system.

You need to pay a lot of attention to the system logs otherwise you may not even notice.

Go over your router very carefully and restrict everything you do not need exposed.

Port 5060 is a very popular target with automated robots, use another port if your able to.

 

Alex

 

 

From: Users [mailto:users-bounces at lists.opensips.org <mailto:users-bounces at lists.opensips.org> ] On Behalf Of Uzair Hassan
Sent: Friday, 21 April 2017 6:16 AM
To: users at lists.opensips.org <mailto:users at lists.opensips.org> 
Subject: [OpenSIPS-Users] Ghost calls 1001

 

Hello all, 

 

I have setup a opensips 2.3 on a new server and I'm getting ghost calls into my system. How do I stop these ghost call? The opensips server is brand new. the install is clean and nothing has been touched after the initial simple residential script setup. What can I do to defend myself from these ghost calls.

Thank you so much.

 

_______________________________________________
Users mailing list
Users at lists.opensips.org <mailto:Users%40lists.opensips.org> 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
Users at lists.opensips.org <mailto:Users at lists.opensips.org> 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

_______________________________________________
Users mailing list
Users at lists.opensips.org <mailto:Users%40lists.opensips.org> 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users


_______________________________________________
Users mailing list
Users at lists.opensips.org <mailto:Users at lists.opensips.org> 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170421/88a6c8bd/attachment.html>


More information about the Users mailing list