[OpenSIPS-Users] Ghost calls 1001

Uzair Hassan uzairhassan at shaw.ca
Fri Apr 21 03:07:00 EDT 2017


Is there any documentation I could read to understand the process you just 
described?


On April 20, 2017 11:15:54 PM Schneur Rosenberg <rosenberg11219 at gmail.com> 
wrote:

> In addition to iptables/fail2ban you should inspect the useragent that the
> packets come from, most of them will come from sip vicious or friendly
> scanner etc, you can block them with iptables and/or with drop() in
> opensips, this will stop the scanner right away because he won't get any
> replies so he will just move on.
>
> On Apr 21, 2017 8:11 AM, "Uzair Hassan" <uzairhassan at shaw.ca> wrote:
>
>> Is there a way to change opensips port ? Whenever I try it doesn't even
>> start.
>>
>> On April 20, 2017 9:09:55 PM "Alexander Jankowsky" <
>> E75A4669 at exemail.com.au> wrote:
>>
>>>
>>>
>>> You might need to do a Wireshark trace and find out if the calls
>>> originate externally into the system.
>>>
>>> If you are in an open DMZ with the router, that could be just the start
>>> of your problems.
>>>
>>> I had Opensips 2.3.0-beta in the open on DMZ with the router for only a
>>> few hours and
>>>
>>> I then had a couple of dozen automated break in attempts trying to access
>>> the system.
>>>
>>> You need to pay a lot of attention to the system logs otherwise you may
>>> not even notice.
>>>
>>> Go over your router very carefully and restrict everything you do not
>>> need exposed.
>>>
>>> Port 5060 is a very popular target with automated robots, use another
>>> port if your able to.
>>>
>>>
>>>
>>> Alex
>>>
>>>
>>>
>>>
>>>
>>> *From:* Users [mailto:users-bounces at lists.opensips.org] *On Behalf Of *Uzair
>>> Hassan
>>> *Sent:* Friday, 21 April 2017 6:16 AM
>>> *To:* users at lists.opensips.org
>>> *Subject:* [OpenSIPS-Users] Ghost calls 1001
>>>
>>>
>>>
>>> Hello all,
>>>
>>>
>>>
>>> I have setup a opensips 2.3 on a new server and I'm getting ghost calls
>>> into my system. How do I stop these ghost call? The opensips server is
>>> brand new. the install is clean and nothing has been touched after the
>>> initial simple residential script setup. What can I do to defend myself
>>> from these ghost calls.
>>>
>>> Thank you so much.
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>
>
> ----------
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170421/cd8df94d/attachment-0001.html>


More information about the Users mailing list