[OpenSIPS-Users] How block Register attack

Jan D. j-doedel at zonnet.nl
Mon Jan 16 20:00:41 CET 2012


Hi,

It's better to drop the connection without sending any packet back. Due to a
bug in Friendly-Scanner it sometimes keeps trying to register with the same
username again and again, in a bad case resulting in a lot of data traffic to
opensips.

I use this rule in the default route:

if($ua=~"friendly-scanner")
{
 xlog("L_ERROR","Auth error for $fU@$fd from $si cause -1 REGISTER username (friendly-scanner)");
 drop();
}

Also log other failures (username or password) and use fail2ban to drop the
IP entirely with iptables.

Jan.
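
Added example (not part of the original post, and not OpenSIPS or fail2ban code): a Python sketch of the matching and counting that fail2ban would apply to the log line written by the xlog() call above, so the regex and thresholds can be checked before an iptables ban is wired up. The log lines, their ISO timestamp prefix, the non-scanner failure messages and the IPv4-only host pattern are constructed assumptions; maxretry and findtime mirror the fail2ban settings of the same names.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Body of the xlog() message from the post; $si is captured as "host".
# In a fail2ban filter the host group is written as the <HOST> tag instead.
# Assumption: source addresses are IPv4.
FAILREGEX = re.compile(
    r"Auth error for \S*@\S+ from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) cause -?\d+"
)

def ips_to_ban(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return source IPs with >= maxretry logged failures inside findtime."""
    recent = defaultdict(deque)   # host -> failure timestamps still in the window
    banned = set()
    for line in lines:
        m = FAILREGEX.search(line)
        if not m:
            continue              # unrelated log line
        # Assumption: each line starts with an ISO 8601 timestamp.
        ts = datetime.fromisoformat(line.split(" ", 1)[0])
        window = recent[m["host"]]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            banned.add(m["host"])
    return sorted(banned)

# Constructed sample log: one scanner burst, one user with two bad passwords,
# one host whose failures are spread over more than ten minutes.
SAMPLE_LOG = """\
2012-01-16T19:00:00 sip1 opensips[2211]: Auth error for bob@sip.example.net from 203.0.113.5 cause -2 REGISTER password
2012-01-16T19:06:00 sip1 opensips[2211]: Auth error for bob@sip.example.net from 203.0.113.5 cause -2 REGISTER password
2012-01-16T19:12:00 sip1 opensips[2211]: Auth error for bob@sip.example.net from 203.0.113.5 cause -2 REGISTER password
2012-01-16T19:58:01 sip1 opensips[2211]: Auth error for 100@sip.example.net from 198.51.100.23 cause -1 REGISTER username (friendly-scanner)
2012-01-16T19:58:02 sip1 opensips[2211]: Auth error for 100@sip.example.net from 198.51.100.23 cause -1 REGISTER username (friendly-scanner)
2012-01-16T19:58:02 sip1 opensips[2211]: new TCP connection accepted
2012-01-16T19:58:03 sip1 opensips[2211]: Auth error for 100@sip.example.net from 198.51.100.23 cause -1 REGISTER username (friendly-scanner)
2012-01-16T19:59:10 sip1 opensips[2211]: Auth error for alice@sip.example.net from 192.0.2.77 cause -2 REGISTER password
2012-01-16T19:59:40 sip1 opensips[2211]: Auth error for alice@sip.example.net from 192.0.2.77 cause -2 REGISTER password
""".splitlines()

if __name__ == "__main__":
    print(ips_to_ban(SAMPLE_LOG))
```

With the defaults only the scanner's address crosses the threshold; lowering maxretry or widening findtime shows how quickly legitimate users with a mistyped password would be caught as well.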
