26 Nov
2013
26 Nov
'13
11:28 p.m.
Most likely it's a bogus script.
Sometimes just sending a dummy reply, will stop the script sending SIP requests.
Check the User-Agent header and from username to see if you can
identify the script and google around for it.
Regards,
Ovidiu Sas
On Tue, Nov 26, 2013 at 4:17 PM, Joli Martinez <mrjoli021(a)gmail.com> wrote:
I am running Kamailio in CentOS. I ran tcpdump and
noticed that we are getting attacked from IP 188.138.32.72. I have already blocked it on
IPtables, but he keeps on attacking the server. If I look at "/var/log/secure"
there are no SIP messages. My question is where is the log file for Kamailio and how can
I prevent this type of attacks in the future.
Thanks,
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
VoIP Embedded, Inc.
http://www.voipembedded.com