<div dir="auto">In case the call is attempted via your server, you can add the following to opensips.cfg to block sip scanners:<div dir="auto"><br></div><div dir="auto"><div dir="auto"> if($ua=~"friendly-scanner") {</div><div dir="auto"> xlog("L_ERROR", "Auth error for $fU@$fd from $si method $rm</div><div dir="auto">user-agent (friendly-scanner)\n");</div><div dir="auto"> drop();</div><div dir="auto"> exit;</div><div dir="auto"> }</div><div dir="auto"> if($ua=~"sipvicious") {</div><div dir="auto"> xlog("L_ERROR", "Auth error for $fU@$fd from $si method $rm</div><div dir="auto">user-agent (friendly-scanner)\n");</div><div dir="auto"> drop();</div><div dir="auto"> exit;</div><div dir="auto"> }</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 21 Apr 2017 8:12 a.m., "Uzair Hassan" <<a href="mailto:uzairhassan@shaw.ca">uzairhassan@shaw.ca</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div style="color:black">
<div style="color:black">
<p style="margin:0 0 1em 0;color:black">Is there any documentation I
could read to understand the process you just described? </p>
</div>
<div style="color:black">
<p style="color:black;font-size:10pt;font-family:Arial,sans-serif;margin:10pt 0">On
April 20, 2017 11:15:54 PM Schneur Rosenberg
<<a href="mailto:rosenberg11219@gmail.com" target="_blank">rosenberg11219@gmail.com</a>> wrote:</p>
<blockquote type="cite" class="gmail_quote" style="margin:0 0 0 0.75ex;border-left:1px solid #808080;padding-left:0.75ex">
<div dir="auto">In addition to iptables/fail2ban you should inspect the
useragent that the packets come from, most of them will come from sip
vicious or friendly scanner etc, you can block them with iptables and/or
with drop() in opensips, this will stop the scanner right away because he
won't get any replies so he will just move on. </div><div class="gmail_extra"><br><div class="gmail_quote">On Apr 21, 2017 8:11 AM,
"Uzair Hassan" <<a href="mailto:uzairhassan@shaw.ca" target="_blank">uzairhassan@shaw.ca</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
<div style="color:black">
<div style="color:black">
<p style="margin:0 0 1em 0;color:black">Is there a way to change
opensips port ? Whenever I try it doesn't even start. </p>
</div>
<div style="color:black">
<p style="color:black;font-size:10pt;font-family:Arial,sans-serif;margin:10pt 0">On
April 20, 2017 9:09:55 PM "Alexander Jankowsky"
<<a href="mailto:E75A4669@exemail.com.au" target="_blank">E75A4669@exemail.com.au</a>> wrote:</p>
<blockquote type="cite" class="gmail_quote" style="margin:0 0 0 0.75ex;border-left:1px solid #808080;padding-left:0.75ex">
<div class="m_-1380573684594133580m_-7966036497874487118WordSection1"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">You
might need to do a Wireshark trace and find out if the calls originate
externally into the system.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">If
you are in an open DMZ with the router, that could be just the start of
your problems.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I
had Opensips 2.3.0-beta in the open on DMZ with the router for only a few
hours and<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I
then had a couple of dozen automated break in attempts trying to access the
system.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">You
need to pay a lot of attention to the system logs otherwise you may not
even notice.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Go
over your router very carefully and restrict everything you do not need
exposed.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Port
5060 is a very popular target with automated robots, use another port if
your able to.<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Alex<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><div><div style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Users
[mailto:<a href="mailto:users-bounces@lists.opensips.org" target="_blank">users-bounces@lists.op<wbr>ensips.org</a>] <b>On Behalf Of
</b>Uzair
Hassan<br><b>Sent:</b> Friday, 21 April 2017 6:16 AM<br><b>To:</b>
<a href="mailto:users@lists.opensips.org" target="_blank">users@lists.opensips.org</a><br><b>Subject:</b>
[OpenSIPS-Users] Ghost calls
1001<u></u><u></u></span></p></div></div><p class="MsoNormal"><u></u> <u></u></p><div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">Hello
all, <u></u><u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><u></u> <u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">I
have
setup a opensips 2.3 on a new server and I'm getting ghost calls into my
system. How do I stop these ghost call? The opensips server is brand new.
the install is clean and nothing has been touched after the initial simple
residential script setup. What can I do to defend myself from these ghost
calls.<br><br>Thank you so much.<u></u><u></u></span></p></div><div><p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><u></u> <u></u></span></p></div></div></div>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a class="m_-1380573684594133580m_-7966036497874487118aqm-autolink m_-1380573684594133580m_-7966036497874487118aqm-autowrap" href="mailto:Users%40lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a class="m_-1380573684594133580m_-7966036497874487118aqm-autolink m_-1380573684594133580m_-7966036497874487118aqm-autowrap" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a><br></blockquote>
</div>
</div>
</div>
<br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a><br>
<br></blockquote></div></div>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a class="m_-1380573684594133580aqm-autolink m_-1380573684594133580aqm-autowrap" href="mailto:Users%40lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a class="m_-1380573684594133580aqm-autolink m_-1380573684594133580aqm-autowrap" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a><br>
</blockquote>
</div>
</div>
</div>
<br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a><br>
<br></blockquote></div></div>