[OpenSIPS-Users] How to protect OpenSIPS from undesidered requests (DoS attack?)

Leonardo Uzcudun uzcudunl at yahoo.it
Wed Mar 6 11:27:27 CET 2013


Hello Alexandre:

I've enabled fail2ban according the instructions in the page but it seems opensips is not loggin the register attemps. Should i increment the debug level?

 ####### Global Parameters #########
debug=3
log_stderror=no
#Changed for fail2ban
#log_facility=LOG_LOCAL0
log_facility=LOG_LOCAL7

Thanks,

Leo


________________________________
 Da: alexandre Moutot <a.moutot at alphalink.fr>
A: OpenSIPS users mailling list <users at lists.opensips.org> 
Inviato: Mercoledì 6 Marzo 2013 10:27
Oggetto: Re: [OpenSIPS-Users] How to protect OpenSIPS from undesidered requests (DoS attack?)
 
Hello,

Maybe you should use fail2ban : http://www.opensips.org/Resources/DocsTutFail2ban

Regards,

MOUTOT Alexandre
a.moutot at alphalink.fr

----- Original Message -----
> From: "leo" <uzcudunl at yahoo.it>
> To: users at lists.opensips.org
> Sent: Wednesday, March 6, 2013 10:10:35 AM
> Subject: [OpenSIPS-Users] How to protect OpenSIPS from undesidered requests (DoS attack?)
> Hello:
> 
> I'm receiving on my OpenSIPS server a lot of register request. I
> believe
> that is someone trying to attack the sip service because the source IP
> is
> not one that i know. Here is the request:
> 
> 10:03:54.191249 00:08:e3:20:fb:b6 > 00:0c:29:fc:95:e1, ethertype IPv4
> (0x0800), length 384: (tos 0x0, ttl 52, id 0, offset 0, flags [DF],
> proto
> UDP (17), length 370)
> 199.217.115.214.5981 > X.X.X.X.5060: [udp sum ok] SIP, length: 342
> REGISTER sip:X.X.X.X SIP/2.0
> Via: SIP/2.0/UDP 199.217.115.214:5981;branch=z9hG4bK-2684304106;rport
> Content-Length: 0
> From: "5988" <sip:5988 at X.X.X.X>
> Accept: application/sdp
> User-Agent: friendly-scanner
> To: "5988" <sip:5988 at X.X.X.X>
> Contact: sip:123 at 1.1.1.1
> CSeq: 1 REGISTER
> Call-ID: 3943182463
> Max-Forwards: 70
> 
> How could i prevent this kind of requests?
> Thanks a lot.
> 
> Leo.
> 
> 
> 
> --
> View this message in context:
> http://opensips-open-sip-server.1449251.n2.nabble.com/How-to-protect-OpenSIPS-from-undesidered-requests-DoS-attack-tp7585091.html
> Sent from the OpenSIPS - Users mailing list archive at Nabble.com.
> 
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

_______________________________________________
Users mailing list
Users at lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20130306/b0388ef1/attachment.htm>


More information about the Users mailing list