[OpenSIPS-Users] Ghost calls 1001

Uzair Hassan uzairhassan at shaw.ca
Fri Apr 21 06:29:10 EDT 2017


thank you, i added this to my opensips.cfg file and it started successfully. Lets see if it works. 


From: "Nabeel" <nabeelshikder at gmail.com> 
To: "users" <users at lists.opensips.org> 
Sent: Friday, April 21, 2017 2:23:52 AM 
Subject: Re: [OpenSIPS-Users] Ghost calls 1001 

In case the call is attempted via your server, you can add the following to opensips.cfg to block sip scanners: 

if($ua=~"friendly-scanner") { 
xlog("L_ERROR", "Auth error for $fU@$fd from $si method $rm 
user-agent (friendly-scanner)\n"); 
drop(); 
exit; 
} 
if($ua=~"sipvicious") { 
xlog("L_ERROR", "Auth error for $fU@$fd from $si method $rm 
user-agent (friendly-scanner)\n"); 
drop(); 
exit; 
} 

On 21 Apr 2017 8:12 a.m., "Uzair Hassan" < uzairhassan at shaw.ca > wrote: 





Is there any documentation I could read to understand the process you just described? 


On April 20, 2017 11:15:54 PM Schneur Rosenberg < rosenberg11219 at gmail.com > wrote: 
BQ_BEGIN

In addition to iptables/fail2ban you should inspect the useragent that the packets come from, most of them will come from sip vicious or friendly scanner etc, you can block them with iptables and/or with drop() in opensips, this will stop the scanner right away because he won't get any replies so he will just move on. 

On Apr 21, 2017 8:11 AM, "Uzair Hassan" < uzairhassan at shaw.ca > wrote: 

BQ_BEGIN



Is there a way to change opensips port ? Whenever I try it doesn't even start. 


On April 20, 2017 9:09:55 PM "Alexander Jankowsky" < E75A4669 at exemail.com.au > wrote: 
BQ_BEGIN





You might need to do a Wireshark trace and find out if the calls originate externally into the system. 

If you are in an open DMZ with the router, that could be just the start of your problems. 

I had Opensips 2.3.0-beta in the open on DMZ with the router for only a few hours and 

I then had a couple of dozen automated break in attempts trying to access the system. 

You need to pay a lot of attention to the system logs otherwise you may not even notice. 

Go over your router very carefully and restrict everything you do not need exposed. 

Port 5060 is a very popular target with automated robots, use another port if your able to. 



Alex 






From: Users [mailto: users-bounces at lists.opensips.org ] On Behalf Of Uzair Hassan 
Sent: Friday, 21 April 2017 6:16 AM 
To: users at lists.opensips.org 
Subject: [OpenSIPS-Users] Ghost calls 1001 





Hello all, 





I have setup a opensips 2.3 on a new server and I'm getting ghost calls into my system. How do I stop these ghost call? The opensips server is brand new. the install is clean and nothing has been touched after the initial simple residential script setup. What can I do to defend myself from these ghost calls. 

Thank you so much. 



_______________________________________________ 
Users mailing list 
Users at lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 




_______________________________________________ 
Users mailing list 
Users at lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 


BQ_END

_______________________________________________ 
Users mailing list 
Users at lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 

BQ_END


_______________________________________________ 
Users mailing list 
Users at lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 


BQ_END


_______________________________________________ 
Users mailing list 
Users at lists.opensips.org 
http://lists.opensips.org/cgi-bin/mailman/listinfo/users 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20170421/0b9ac295/attachment.html>


More information about the Users mailing list