Hi All.Someone is attacking on my SIP server.There are lot of requests coming in and I am not able to stop it because I am unable to detect the IP address.I used wireshark to capture the packets.Although I am using very strong password for my SIP users but still is there any way to drop these packets and stop this attack.I tried dropping packet after matching some string (most of the packets from attacker contains string 'VaxSIPUserAgent/3.1' ) but it failed. Packets are still flowing in.iptables -I INPUT 1 -p tcp --dport 5060 -m string --string "VaxSIPUserAgent" --algo bm -j DROPIts something like thisRegistration from '"30" <sp:30@my_public_ip:5060> failed for '192.168.xxx.xxx:6373' - Wrong Passwordand there are approx 10 request per minute of this type.Please suggest some way to stop this.--Anurag Rana
http://newbie42.blogspot.in/
On the trampoline of life's experiences, Striving towards a saintly life in the midst of these materialistic turbulences.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users