I have placed the code below right underneath the route portion in the kamailio.cfg file restarted kamailio and I am still being attacked.

####### Routing Logic ########


# main request routing logic

route{

        if ($ua=="friendly-scanner") {
                sl_send_reply("200","OK")
                exit;
        }

On Nov 26, 2013, at 5:29 PM, Daniel Grotti <dgrotti@sipwise.com> wrote:

Hi,
you can check the User-Agent reference $ua, if it is equal to
"friendly-scanner", just send back a reply with sl_send_reply("200", "OK")

Daniel



On 11/26/2013 10:53 PM, Joli Martinez wrote:
How can I do this?  Is there an article I can reference or something?  I am new to kamailio and not sure how to do this.

Thanks,

On Nov 26, 2013, at 4:41 PM, Ovidiu Sas <osas@voipembedded.com> wrote:

Google around for "friendly-scanner" to learn more about it.
In the mean time, allow the packets to be handled by kamailio and send
a 200ok back - maybe this will stop the attack.
After the attack is stopped, simply drop all "friendly-scanner" SIP requests :)

Regards,
Ovidiu Sas

On Tue, Nov 26, 2013 at 4:32 PM, Joli Martinez <mrjoli021@gmail.com> wrote:
it is comming from "friendly-scanner" The other issue I have is that "/var/log/secure" is not getting the sip requests so the only way I realize it is happeing is from tcpdump.  If the secure file is not picking it up then iptables wont know about it.  How can I tell iptables to listen for sip requests?  I have already added the IP to the blocked IP's but he still keeps on comming.

Thanks,

On Nov 26, 2013, at 4:28 PM, Ovidiu Sas <osas@voipembedded.com> wrote:

Most likely it's a bogus script.
Sometimes just sending a dummy reply, will stop the script sending SIP requests.
Check the User-Agent header and from username to see if you can
identify the script and google around for it.

Regards,
Ovidiu Sas

On Tue, Nov 26, 2013 at 4:17 PM, Joli Martinez <mrjoli021@gmail.com> wrote:
I am running Kamailio in CentOS.  I ran tcpdump and noticed that we are getting attacked from IP 188.138.32.72.  I have already blocked it on IPtables, but he keeps on attacking the server.  If I look at "/var/log/secure" there are no SIP messages.  My question is where is the log file for Kamailio and how can I prevent this type of attacks in the future.

Thanks,
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



--
VoIP Embedded, Inc.
http://www.voipembedded.com

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users



--
VoIP Embedded, Inc.
http://www.voipembedded.com

_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users


_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users