Re: [SR-Users] Log files

I have placed the code below right underneath the route portion in the kamailio.cfg file restarted kamailio and I am still being attacked. ####### Routing Logic ######## # main request routing logic route{ if ($ua=="friendly-scanner") { sl_send_reply("200","OK"); exit; } On Nov 26, 2013, at 5:29 PM, Daniel Grotti &lt;dgrotti(a)sipwise.com <mailto:dgrotti@sipwise.com>> wrote: > Hi, > you can check the User-Agent reference $ua, if it is equal to > "friendly-scanner", just send back a reply with sl_send_reply("200",

> > Daniel > > > > On 11/26/2013 10:53 PM, Joli Martinez wrote: >> How can I do this? Is there an article I can reference or something? >> I am new to kamailio and not sure how to do this. >> >> Thanks, >> >> On Nov 26, 2013, at 4:41 PM, Ovidiu Sas &lt;osas(a)voipembedded.com >> <mailto:osas@voipembedded.com>> wrote: >> >>> Google around for "friendly-scanner" to learn more about it. >>> In the mean time, allow the packets to be handled by kamailio and send >>> a 200ok back - maybe this will stop the attack. >>> After the attack is stopped, simply drop all "friendly-scanner" SIP >>> requests :) >>> >>> Regards, >>> Ovidiu Sas >>> >>> On Tue, Nov 26, 2013 at 4:32 PM, Joli Martinez &lt;mrjoli021(a)gmail.com >>> <mailto:mrjoli021@gmail.com>> wrote: >>>> it is comming from "friendly-scanner" The other issue I have is >>>> that "/var/log/secure" is not getting the sip requests so the only >>>> way I realize it is happeing is from tcpdump. If the secure file >>>> is not picking it up then iptables wont know about it. How can I >>>> tell iptables to listen for sip requests? I have already added the >>>> IP to the blocked IP's but he still keeps on comming. >>>> >>>> Thanks, >>>> >>>> On Nov 26, 2013, at 4:28 PM, Ovidiu Sas &lt;osas(a)voipembedded.com >>>> <mailto:osas@voipembedded.com>> wrote: >>>> >>>>> Most likely it's a bogus script. >>>>> Sometimes just sending a dummy reply, will stop the script sending >>>>> SIP requests. >>>>> Check the User-Agent header and from username to see if you can >>>>> identify the script and google around for it. >>>>> >>>>> Regards, >>>>> Ovidiu Sas >>>>> >>>>> On Tue, Nov 26, 2013 at 4:17 PM, Joli Martinez >>>>> &lt;mrjoli021(a)gmail.com <mailto:mrjoli021@gmail.com>> wrote: >>>>>> I am running Kamailio in CentOS. I ran tcpdump and noticed that >>>>>> we are getting attacked from IP 188.138.32.72. I have already >>>>>> blocked it on IPtables, but he keeps on attacking the server. If >>>>>> I look at "/var/log/secure" there are no SIP messages. My >>>>>> question is where is the log file for Kamailio and how can I >>>>>> prevent this type of attacks in the future. >>>>>> >>>>>> Thanks, >>>>>> _______________________________________________ >>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users >>>>>> mailing list >>>>>> sr-users(a)lists.sip-router.org <mailto:

>>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >>>>> >>>>> >>>>> >>>>> -- >>>>> VoIP Embedded, Inc. >>>>> http://www.voipembedded.com >>>>> >>>>> _______________________________________________ >>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing >>>>> list >>>>> sr-users(a)lists.sip-router.org >>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >>>> >>>> >>>> _______________________________________________ >>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing

>>>> sr-users(a)lists.sip-router.org <mailto:sr-users@lists.sip-router.org> >>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users >>> >>> >>> >>> -- >>> VoIP Embedded, Inc. >>> http://www.voipembedded.com >>> >>> _______________________________________________ >>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing

_______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users(a)lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users