<html><body><div style="color:#000; background-color:#fff; font-family:verdana, helvetica, sans-serif;font-size:10pt">Hello Alexandre:<br><br>I've enabled fail2ban according the instructions in the page but it seems opensips is not loggin the register attemps. Should i increment the debug level?<br><br> ####### Global Parameters #########<br>debug=3<br>log_stderror=no<br>#Changed for fail2ban<br>#log_facility=LOG_LOCAL0<br>log_facility=LOG_LOCAL7<br><br>Thanks,<br><br>Leo<br><div style="font-family: verdana, helvetica, sans-serif; font-size: 10pt;"> <div style="font-family: times new roman, new york, times, serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> <hr size="1"> <b><span style="font-weight:bold;">Da:</span></b> alexandre Moutot <a.moutot@alphalink.fr><br> <b><span style="font-weight: bold;">A:</span></b> OpenSIPS users mailling list <users@lists.opensips.org> <br> <b><span style="font-weight:
bold;">Inviato:</span></b> Mercoledì 6 Marzo 2013 10:27<br> <b><span style="font-weight: bold;">Oggetto:</span></b> Re: [OpenSIPS-Users] How to protect OpenSIPS from undesidered requests (DoS attack?)<br> </font> </div> <br>Hello,<br><br>Maybe you should use fail2ban : <a href="http://www.opensips.org/Resources/DocsTutFail2ban" target="_blank">http://www.opensips.org/Resources/DocsTutFail2ban</a><br><br>Regards,<br><br>MOUTOT Alexandre<br><a ymailto="mailto:a.moutot@alphalink.fr" href="mailto:a.moutot@alphalink.fr">a.moutot@alphalink.fr</a><br><br>----- Original Message -----<br>> From: "leo" <<a ymailto="mailto:uzcudunl@yahoo.it" href="mailto:uzcudunl@yahoo.it">uzcudunl@yahoo.it</a>><br>> To: <a ymailto="mailto:users@lists.opensips.org" href="mailto:users@lists.opensips.org">users@lists.opensips.org</a><br>> Sent: Wednesday, March 6, 2013 10:10:35 AM<br>> Subject: [OpenSIPS-Users] How to protect OpenSIPS from undesidered requests
(DoS attack?)<br>> Hello:<br>> <br>> I'm receiving on my OpenSIPS server a lot of register request. I<br>> believe<br>> that is someone trying to attack the sip service because the source IP<br>> is<br>> not one that i know. Here is the request:<br>> <br>> 10:03:54.191249 00:08:e3:20:fb:b6 > 00:0c:29:fc:95:e1, ethertype IPv4<br>> (0x0800), length 384: (tos 0x0, ttl 52, id 0, offset 0, flags [DF],<br>> proto<br>> UDP (17), length 370)<br>> 199.217.115.214.5981 > X.X.X.X.5060: [udp sum ok] SIP, length: 342<br>> REGISTER sip:X.X.X.X SIP/2.0<br>> Via: SIP/2.0/UDP 199.217.115.214:5981;branch=z9hG4bK-2684304106;rport<br>> Content-Length: 0<br>> From: "5988" <sip:<a ymailto="mailto:5988@X.X.X.X" href="mailto:5988@X.X.X.X">5988@X.X.X.X</a>><br>> Accept: application/sdp<br>> User-Agent: friendly-scanner<br>> To: "5988" <sip:<a ymailto="mailto:5988@X.X.X.X"
href="mailto:5988@X.X.X.X">5988@X.X.X.X</a>><br>> Contact: sip:123@1.1.1.1<br>> CSeq: 1 REGISTER<br>> Call-ID: 3943182463<br>> Max-Forwards: 70<br>> <br>> How could i prevent this kind of requests?<br>> Thanks a lot.<br>> <br>> Leo.<br>> <br>> <br>> <br>> --<br>> View this message in context:<br>> <a href="http://opensips-open-sip-server.1449251.n2.nabble.com/How-to-protect-OpenSIPS-from-undesidered-requests-DoS-attack-tp7585091.html" target="_blank">http://opensips-open-sip-server.1449251.n2.nabble.com/How-to-protect-OpenSIPS-from-undesidered-requests-DoS-attack-tp7585091.html</a><br>> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.<br>> <br>> _______________________________________________<br>> Users mailing list<br>> <a ymailto="mailto:Users@lists.opensips.org" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>> <a
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br><br>_______________________________________________<br>Users mailing list<br><a ymailto="mailto:Users@lists.opensips.org" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br><a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br><br><br> </div> </div> </div></body></html>