5 Feb
2007
5 Feb
'07
3:44 p.m.
OK- just let me know if you find the source of the bogus IP.
I was asking about version as the 1.2.x (devel) contains IP blacklists you could use to block such addresses: http://www.openser.org/pipermail/users/2007-January/008848.html
regards, bogdan
Martin Burns wrote:
Bogdan,
We will check the DNS. We are also using openser-1.1.0-notls
Thanks for you help.
Martin
On 2/6/07, *Bogdan-Andrei Iancu* < bogdan@voice-system.ro mailto:bogdan@voice-system.ro> wrote:
Martin, most probably you cannot get anything via ngrep because: 1 - the outbound message is not sent 2 - the inbound message may contain a domain name which leads to 0.0.1.244 <http://0.0.1.244> via DNS. try to monitor the DNS traffic also to see if this address comes up. what version of openser are you using? regards, bogdan Martin Burns wrote: > Bogdan, > > You are right it is the destination. I added the following to > udp_server.c when the error occurs: > > LOG(L_ERR, "sa = %d, %s, %d\n", to->sin.sin_family, > inet_ntoa(to-> sin.sin_addr), ntohs(to->sin.sin_port)); > > Which logs: > > sa = 2, 0.0.1.244 <http://0.0.1.244> <http://0.0.1.244>, 5060 > > This address is clearly invalid. Interesting thing though is that I > ran an ngrep to see if I could locate a message that contains this IP > and could not find one: > > ngrep -p port 5060 | grep "0.0.1.244 <http://0.0.1.244> < http://0.0.1.244>" > > The above came up clean even though the log kept reporting the error. > > Any more ideas? > > Martin > > On 2/5/07, *Bogdan-Andrei Iancu* < bogdan@voice-system.ro <mailto:bogdan@voice-system.ro> > <mailto:bogdan@voice-system.ro <mailto:bogdan@voice-system.ro>>> wrote: > > Martin, > > after all, it look the root problem is the destination address - the > detection of the egress socket (triggered by mhomed) also fails > because > of an Invalid Argument (as originally). > > my guess is that an invalid ip or port is used for sending the > message. > If you cannot track this down, I can try to prepare a patch to > print the > destination address/port in case of error. > > regards, > bogdan >