<div>Hi,</div><div> </div><div>If you want to STOP the attack rathen than ban the IP, try sending back 200 OK to their registration requests, regardless of the password being invalid. This should cause the scan to drop.</div>
<div>Alternatively, if this is a state-less SIPVicious (as usual) you can use svcrash.py to crash it remotely (or use the integrated too in HOMER/ToolBox to achieve the same)</div><div> </div><div>Best of Luck,</div><div>
</div><div><div style="color:rgb(119,119,119)"><font><span style="color:rgb(119,119,119);font-family:Arial">Lorenzo Mangani</span></font></div><div style="color:rgb(119,119,119)"><font><div style="font-size:x-small"><br>
</div><div style="font-size:x-small">HOMER DEV TEAM</div></font></div><div style="color:rgb(119,119,119);font-size:x-small"><font size="1"><span style="color:rgb(119,119,119);font-family:Arial">QXIP - Network Engineering</span></font></div>
</div><div><br><br> </div><div class="gmail_quote">On Wed, May 1, 2013 at 3:43 PM, Kevin Masse <span dir="ltr"><<a href="mailto:kmasse@questblue.com" target="_blank">kmasse@questblue.com</a>></span> wrote:<br><blockquote style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid" class="gmail_quote">
Jeremie, use the IPTABLES drop rule.<br>
<br>
iptables -A INPUT -s IPADDRESS -j DROP<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
Kevin<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
<br>
-----Original Message-----<br>
From: <a href="mailto:spce-user-bounces@lists.sipwise.com">spce-user-bounces@lists.sipwise.com</a><br>
[mailto:<a href="mailto:spce-user-bounces@lists.sipwise.com">spce-user-bounces@lists.sipwise.com</a>] On Behalf Of Jeremie Chism<br>
Sent: Wednesday, May 01, 2013 9:41 AM<br>
To: <a href="mailto:spce-user@lists.sipwise.com">spce-user@lists.sipwise.com</a><br>
Subject: [Spce-user] Registration attack<br>
<br>
We are receiving an attack of someone that is continuously trying to<br>
register to sipwise. There are so many attempts that the security ban<br>
tab is now returning an internal error. Is there a way to stop this or<br>
slow it down. I thought I remembered someone saying there was something<br>
that could be changed like returning a 200 ok on a ban. I am concerned<br>
about how this will impact sipwise since it is already showing signs of<br>
stress.<br>
<br>
Sent from my iPhone<br>
_______________________________________________<br>
Spce-user mailing list<br>
<a href="mailto:Spce-user@lists.sipwise.com">Spce-user@lists.sipwise.com</a><br>
<a href="http://lists.sipwise.com/listinfo/spce-user" target="_blank">http://lists.sipwise.com/listinfo/spce-user</a><br>
<br>
_______________________________________________<br>
Spce-user mailing list<br>
<a href="mailto:Spce-user@lists.sipwise.com">Spce-user@lists.sipwise.com</a><br>
<a href="http://lists.sipwise.com/listinfo/spce-user" target="_blank">http://lists.sipwise.com/listinfo/spce-user</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)"><span style="font-family:Arial"><div style="color:rgb(119,119,119)">
<font><span style="color:rgb(119,119,119);font-family:Arial"><br></span></font></div><div style="color:rgb(119,119,119)"><font><span style="color:rgb(119,119,119);font-family:Arial"><br></span></font></div><div style="color:rgb(119,119,119);font-size:x-small">
<br></div></span></span>