<html>
<head>
</head>
<body>
<div style="color: black;">
<div style="color: black;">
<p style="margin: 0 0 1em 0; color: black;">Is there any documentation I
could read to understand the process you just described? </p>
</div>
<div style="color: black;">
<p
style="color: black; font-size: 10pt; font-family: Arial, sans-serif; margin: 10pt 0;">On
April 20, 2017 11:15:54 PM Schneur Rosenberg
<rosenberg11219@gmail.com> wrote:</p>
<blockquote type="cite" class="gmail_quote"
style="margin: 0 0 0 0.75ex; border-left: 1px solid #808080; padding-left: 0.75ex;">
<div dir="auto">In addition to iptables/fail2ban you should inspect the
useragent that the packets come from, most of them will come from sip
vicious or friendly scanner etc, you can block them with iptables and/or
with drop() in opensips, this will stop the scanner right away because he
won't get any replies so he will just move on. </div><div
class="gmail_extra"><br><div class="gmail_quote">On Apr 21, 2017 8:11 AM,
"Uzair Hassan" <<a href="mailto:uzairhassan@shaw.ca"
target="_blank">uzairhassan@shaw.ca</a>> wrote:<br
type="attribution"><blockquote class="gmail_quote"
style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">




<div>
<div style="color:black">
<div style="color:black">
<p style="margin:0 0 1em 0;color:black">Is there a way to change
opensips port ? Whenever I try it doesn't even start. </p>
</div>
<div style="color:black">
<p
style="color:black;font-size:10pt;font-family:Arial,sans-serif;margin:10pt 0">On
April 20, 2017 9:09:55 PM "Alexander Jankowsky"
<<a href="mailto:E75A4669@exemail.com.au"
target="_blank">E75A4669@exemail.com.au</a>> wrote:</p>
<blockquote type="cite" class="gmail_quote"
style="margin:0 0 0 0.75ex;border-left:1px solid #808080;padding-left:0.75ex">
<div class="m_-7966036497874487118WordSection1"><p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p
class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">You
might need to do a Wireshark trace and find out if the calls originate
externally into the system.<u></u><u></u></span></p><p
class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">If
you are in an open DMZ with the router, that could be just the start of
your problems.<u></u><u></u></span></p><p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I
had Opensips 2.3.0-beta in the open on DMZ with the router for only a few
hours and<u></u><u></u></span></p><p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">I
then had a couple of dozen automated break in attempts trying to access the
system.<u></u><u></u></span></p><p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">You
need to pay a lot of attention to the system logs otherwise you may not
even notice.<u></u><u></u></span></p><p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Go
over your router very carefully and restrict everything you do not need
exposed.<u></u><u></u></span></p><p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Port
5060 is a very popular target with automated robots, use another port if
your able to.<u></u><u></u></span></p><p class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p
class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d">Alex<u></u><u></u></span></p><p
class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><p
class="MsoNormal"><span
style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1f497d"><u></u> <u></u></span></p><div><div
style="border:none;border-top:solid #e1e1e1 1.0pt;padding:3.0pt 0cm 0cm 0cm"><p
class="MsoNormal"><b><span lang="EN-US"
style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span
lang="EN-US"
style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Users
[mailto:<a href="mailto:users-bounces@lists.opensips.org"
target="_blank">users-bounces@lists.<wbr>opensips.org</a>] <b>On Behalf Of
</b>Uzair
Hassan<br><b>Sent:</b> Friday, 21 April 2017 6:16 AM<br><b>To:</b>
<a href="mailto:users@lists.opensips.org"
target="_blank">users@lists.opensips.org</a><br><b>Subject:</b>
[OpenSIPS-Users] Ghost calls
1001<u></u><u></u></span></p></div></div><p
class="MsoNormal"><u></u> <u></u></p><div><div><p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">Hello
all, <u></u><u></u></span></p></div><div><p class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><u></u> <u></u></span></p></div><div><p
class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black">I
have
setup a opensips 2.3 on a new server and I'm getting ghost calls into my
system. How do I stop these ghost call? The opensips server is brand new.
the install is clean and nothing has been touched after the initial simple
residential script setup. What can I do to defend myself from these ghost
calls.<br><br>Thank you so much.<u></u><u></u></span></p></div><div><p
class="MsoNormal"><span
style="font-size:10.0pt;font-family:"Arial",sans-serif;color:black"><u></u> <u></u></span></p></div></div></div>
______________________________<wbr>_________________<br>
Users mailing list<br>
<a
class="m_-7966036497874487118aqm-autolink m_-7966036497874487118aqm-autowrap"
href="mailto:Users%40lists.opensips.org"
target="_blank">Users@lists.opensips.org</a><br>
<a
class="m_-7966036497874487118aqm-autolink m_-7966036497874487118aqm-autowrap"
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a><br></blockquote>
</div>
</div>
</div>

<br>______________________________<wbr>_________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
rel="noreferrer"
target="_blank">http://lists.opensips.org/cgi-<wbr>bin/mailman/listinfo/users</a><br>
<br></blockquote></div></div>

_______________________________________________<br>
Users mailing list<br>
<a class="aqm-autolink aqm-autowrap"
href="mailto:Users%40lists.opensips.org">Users@lists.opensips.org</a><br>
<a class="aqm-autolink aqm-autowrap"
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote>
</div>
</div>
</body>
</html>