<div>Hi,</div><div><br></div>Funny thing, I just used sipvicious and in less that 10 minutes I changed the user-agent field from "friendly-scanner" to "Google-Chrome" .. Where is our "friendly-scanner" condition now ?<div>
<br></div><div>So a 10,000 extensions scan All went directly to my DB and put everyone in trouble, had there been a pike module to capture first 10-15/30 attempts it could've saved us from getting the DB chocked. </div>
<div><br></div><div>Moreover, if I had an action trigger if(pike == true){<font face="courier new, monospace">avp_exec(my-blocker.sh <a href="http://ip.of.hack.er">ip.of.hack.er</a>);}</font> to put the newly captured IP into the IPtables list as well as push the IP address into a custom web-service to alert all the neighbours of this new hacker IP everything could've been perfect.</div>
<div><br></div><div>You are welcome Mr. VoIP Engineer, I really hope this thread helped you a little bit.</div><div><br></div><div>BR</div><div>Sammy</div><div><br></div><div><br></div><div><br><div class="gmail_quote">On Wed, Oct 10, 2012 at 12:29 PM, Engineer voip <span dir="ltr"><<a href="mailto:forvoip4@gmail.com" target="_blank">forvoip4@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>Thank you all for the reply.<br><br><div class="gmail_quote">2012/10/9 Adam Raszynski <span dir="ltr"><<a href="mailto:netcentrica@gmail.com" target="_blank">netcentrica@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
I use the following code on all my production OpenSIPS servers.<div>It's CPU friendly and avoids being spotted by bots searching for open-relay VoIP servers.</div><div><br></div><div><div>route{</div><div> # put it at the very beginning of route section</div>
<div> if($ua=~"friendly-scanner") {</div><div> xlog("L_ERROR", "Auth error for $fU@$fd from $si method $rm user-agent (friendly-scanner)\n");</div><div> drop();</div><div> exit;</div>
<div> }</div></div><div>(...)</div><div><br></div><div>Since I added that code problem with friendly scanner is over.</div>
<br></div></div><div class="im">_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></div></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><br>-- <br><font color="#663300"><font face="comic sans ms,sans-serif"><br><span style>Best Regards.</span><br></font></font><br>
<br>
</font></span><br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>