<div dir="ltr"><div>Daniel and Sipwise,</div><div>I read your link but have a quick question.</div>Any way of blocking requests that don't respond 407 after X number of requests from a certain IP? If so, how would I be able to do that?<div><div><br></div><div>These dialers will just ignore 407 requests and keep trying random numbers to call.</div></div></div><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 2, 2019 at 7:44 AM Daniel-Constantin Mierla <<a href="mailto:miconda@gmail.com" target="_blank">miconda@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hello,</p>
<p>see my comment inline ...<br>
</p>
<div class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-cite-prefix">On 01.04.19 18:18, Hohl Matthias wrote:<br>
</div>
<blockquote type="cite">
<div class="gmail-m_-1232437872396375165gmail-m_443333350961853949WordSection1">
<p class="MsoNormal">Hello,<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span lang="EN-US">I found out that there
are a lot of spam requests on proxy and lb from the same IP
address, which was trying to connect with different users
every few seconds.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">The problem: even if
this was always successfully rejected, it would be fine if
fail2ban would also ban the IP for these requests, but I
have no possibility to block the IP, because the log string
with the “authentication failed, no credentials” has no UA
IP information inside.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">I thought about adding
this UA IP information to the log string for
“Authentication failed, no credentials”, but this failure
string also happens for valid subscribers, like here:<u></u><u></u></span></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US"><u></u> <u></u></span></i></p>
<p class="MsoNormal" style="margin-left:35.4pt"><i><span style="font-size:8pt" lang="EN-US">Apr 1 18:06:06 spce
proxy[2106]: NOTICE: <script>: New request on proxy
- M=REGISTER R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:sip.telematica.at</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:xxxxxxxx@sip.telematica.at</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:xxxxxxxx@sip.telematica.at</a> IP=144.xxx.xxx.xxx:49152
(<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>) ID=3533311694@10_0_0_1 UA='N510 IP
PRO/42.243.00.000.000' DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a><u></u><u></u></span></i></p>
<p class="MsoNormal" style="margin-left:35.4pt"><i><span style="font-size:8pt" lang="EN-US">Apr 1 18:06:06 spce
proxy[2106]: NOTICE: <script>: Sending reply S=100
Trying fs='<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a>' du='<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>' -
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:sip.telematica.at</a> ID=3533311694@10_0_0_1 UA='N510 IP
PRO/42.243.00.000.000'<u></u><u></u></span></i></p>
<p class="MsoNormal" style="margin-left:35.4pt"><i><span style="font-size:8pt" lang="EN-US">Apr 1 18:06:06 spce
proxy[2106]: NOTICE: <script>: Authentication
failed, no credentials - R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:sip.telematica.at</a>
ID=3533311694@10_0_0_1 UA='N510 IP PRO/42.243.00.000.000'
Auth=<null><u></u><u></u></span></i></p>
<p class="MsoNormal" style="margin-left:35.4pt"><i><span style="font-size:8pt" lang="EN-US">Apr 1 18:06:06 spce
proxy[2106]: NOTICE: <script>: Sending reply S=401
fs='<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a>' du='<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>' -
ID=3533311694@10_0_0_1 UA='N510 IP PRO/42.243.00.000.000'<u></u><u></u></span></i></p>
<p class="MsoNormal" style="margin-left:35.4pt"><i><span style="font-size:8pt" lang="EN-US">Apr 1 18:06:06 spce
proxy[2109]: NOTICE: <script>: New request on proxy
- M=REGISTER R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:sip.telematica.at</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:xxxxxxxx@sip.telematica.at</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:xxxxxxxx@sip.telematica.at</a> IP=144.xxx.xxx.xxx:49152
(<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>) ID=3533311694@10_0_0_1 UA='N510 IP
PRO/42.243.00.000.000' DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a><u></u><u></u></span></i></p>
<p class="MsoNormal" style="margin-left:35.4pt"><i><span style="font-size:8pt" lang="EN-US">Apr 1 18:06:06 spce
proxy[2109]: NOTICE: <script>: Sending reply S=100
Trying fs='<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a>' du='<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>' -
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:sip.telematica.at</a> ID=3533311694@10_0_0_1 UA='N510 IP
PRO/42.243.00.000.000'<u></u><u></u></span></i></p>
<p class="MsoNormal" style="margin-left:35.4pt"><i><span style="font-size:8pt" lang="EN-US">Apr 1 18:06:06 spce
proxy[2109]: NOTICE: <script>: Contacts successfully
updated, expires in 600s - R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:sip.telematica.at</a>
ID=3533311694@10_0_0_1 UA='N510 IP PRO/42.243.00.000.000'<u></u><u></u></span></i></p>
<p class="MsoNormal" style="margin-left:35.4pt"><i><span style="font-size:8pt" lang="EN-US">Apr 1 18:06:06 spce
proxy[2109]: NOTICE: <script>: Sending reply S=200
OK fs='<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a>' du='<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>' -
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:sip.telematica.at</a> ID=3533311694@10_0_0_1 UA='N510 IP
PRO/42.243.00.000.000'<u></u><u></u></span></i></p>
<p class="MsoNormal"><span lang="EN-US">So how do I deal with this
kind of request to block the IP address correctly with
fail2ban?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">At the moment, I can’t
distinguish if this is a “valid” authentication failed or if
this is from a spam request.<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Does anybody have an
idea?<u></u><u></u></span></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks.<u></u><u></u></span></p>
<p class="MsoNormal"><i><span style="font-size:9pt" lang="EN-US">Kamailio-lb<u></u><u></u></span></i></p>
<p class="MsoNormal"><span lang="EN-US"><u></u> <u></u></span></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:16:03 spce lb[1267]: NOTICE:
<script>: Sending reply from inbound,
fs='<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:176.123.xxx.xxx:5060</a>' du='<a href="http://102.165.51.10:60560" target="_blank">102.165.51.10:60560</a>' -
ID=1672410852-1750384450-124595706 UA='<null>'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:16:03 spce lb[1265]: NOTICE:
<script>: Sending reply from inbound,
fs='<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:176.123.xxx.xxx:5060</a>' du='<a href="http://102.165.51.10:60560" target="_blank">102.165.51.10:60560</a>' -
ID=1672410852-1750384450-124595706 UA='<null>'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:16:03 spce lb[1245]: NOTICE:
<script>: New request on lb - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00180048893076001@176.123.yyy.yyy</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.yyy.yyy</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00180048893076001@176.123.yyy.yyy</a>
IP=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:102.165.51.10:60684</a>
ID=1796109365-625332604-148124457 UA='Linksys-SPA942'
DESTIP=176.123.yyy.yyy:5060<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:16:03 spce lb[1267]: NOTICE:
<script>: Sending reply from inbound,
fs='<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:176.123.yyy.yyy:5060</a>' du='<a href="http://102.165.51.10:60684" target="_blank">102.165.51.10:60684</a>' -
ID=1796109365-625332604-148124457 UA='<null>'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:16:03 spce lb[1265]: NOTICE:
<script>: Sending reply from inbound,
fs='<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:176.123.yyy.yyy:5060</a>' du='<a href="http://102.165.51.10:60684" target="_blank">102.165.51.10:60684</a>' -
ID=1796109365-625332604-148124457 UA='<null>'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:16:46 spce lb[1236]: NOTICE:
<script>: New request on lb - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00190048893076001@176.123.xxx.xxx</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.xxx.xxx</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00190048893076001@176.123.xxx.xxx</a>
IP=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:102.165.51.10:63019</a>
ID=1288822511-772044424-1097930615 UA='Linksys-SPA942'
DESTIP=176.123.xxx.xxx:5060<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:16:46 spce lb[1262]: NOTICE:
<script>: Sending reply from inbound,
fs='<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:176.123.xxx.xxx:5060</a>' du='<a href="http://102.165.51.10:63019" target="_blank">102.165.51.10:63019</a>' -
ID=1288822511-772044424-1097930615 UA='<null>'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:16:46 spce lb[1268]: NOTICE:
<script>: Sending reply from inbound,
fs='<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:176.123.xxx.xxx:5060</a>' du='<a href="http://102.165.51.10:63019" target="_blank">102.165.51.10:63019</a>' -
ID=1288822511-772044424-1097930615 UA='<null>'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:16:46 spce lb[1241]: NOTICE:
<script>: New request on lb - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00190048893076001@176.123.yyy.yyy</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.yyy.yyy</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00190048893076001@176.123.yyy.yyy</a>
IP=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:102.165.51.10:63172</a>
ID=106321133-2131130927-801675635 UA='Linksys-SPA942'
DESTIP=176.123.yyy.yyy:5060<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:16:46 spce lb[1267]: NOTICE:
<script>: Sending reply from inbound,
fs='<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:176.123.yyy.yyy:5060</a>' du='<a href="http://102.165.51.10:63172" target="_blank">102.165.51.10:63172</a>' -
ID=106321133-2131130927-801675635 UA='<null>'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:16:46 spce lb[1264]: NOTICE:
<script>: Sending reply from inbound,
fs='<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:176.123.yyy.yyy:5060</a>' du='<a href="http://102.165.51.10:63172" target="_blank">102.165.51.10:63172</a>' -
ID=106321133-2131130927-801675635 UA='<null>'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:17:31 spce lb[1231]: NOTICE:
<script>: New request on lb - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00210048893076001@176.123.xxx.xxx</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.xxx.xxx</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00210048893076001@176.123.xxx.xxx</a>
IP=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:102.165.51.10:53471</a>
ID=11643804-699651008-1420889866 UA='Linksys-SPA942'
DESTIP=176.123.xxx.xxx:5060<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Kamailio-proxy<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US"><u></u> <u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:25:32 spce proxy[2114]: NOTICE:
<script>: New request on proxy - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00350048893076001@176.123.yyy.yyy</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.yyy.yyy</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00350048893076001@176.123.yyy.yyy</a>
IP=<a href="http://102.165.51.10:58694" target="_blank">102.165.51.10:58694</a> (<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>)
ID=758118326-653611733-771601277 UA='Linksys-SPA942'
DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:26:14 spce proxy[2113]: NOTICE:
<script>: New request on proxy - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00360048893076001@176.123.xxx.xxx</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.xxx.xxx</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00360048893076001@176.123.xxx.xxx</a>
IP=<a href="http://102.165.51.10:57072" target="_blank">102.165.51.10:57072</a> (<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>)
ID=1313552761-549894790-1246968706 UA='Linksys-SPA942'
DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:26:14 spce proxy[2120]: NOTICE:
<script>: New request on proxy - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00360048893076001@176.123.yyy.yyy</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.yyy.yyy</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00360048893076001@176.123.yyy.yyy</a>
IP=<a href="http://102.165.51.10:57257" target="_blank">102.165.51.10:57257</a> (<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>)
ID=543892649-1826253356-1114326864 UA='Linksys-SPA942'
DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:26:56 spce proxy[2113]: NOTICE:
<script>: New request on proxy - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00370048893076001@176.123.xxx.xxx</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.xxx.xxx</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00370048893076001@176.123.xxx.xxx</a>
IP=<a href="http://102.165.51.10:53653" target="_blank">102.165.51.10:53653</a> (<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>)
ID=216044731-1767486066-1766299769 UA='Linksys-SPA942'
DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:26:56 spce proxy[2114]: NOTICE:
<script>: New request on proxy - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00370048893076001@176.123.yyy.yyy</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.yyy.yyy</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00370048893076001@176.123.yyy.yyy</a>
IP=<a href="http://102.165.51.10:57149" target="_blank">102.165.51.10:57149</a> (<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>)
ID=1129853686-565291733-1459199345 UA='Linksys-SPA942'
DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce proxy[2106]: NOTICE:
<script>: New request on proxy - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.xxx.xxx</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.xxx.xxx</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.xxx.xxx</a>
IP=<a href="http://102.165.51.10:49934" target="_blank">102.165.51.10:49934</a> (<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>)
ID=1744315013-324263357-1391421940 UA='Linksys-SPA942'
DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce proxy[2119]: NOTICE:
<script>: New request on proxy - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.yyy.yyy</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.yyy.yyy</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.yyy.yyy</a>
IP=<a href="http://102.165.51.10:50073" target="_blank">102.165.51.10:50073</a> (<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>)
ID=912346842-169557483-295698979 UA='Linksys-SPA942'
DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:28:19 spce proxy[2109]: NOTICE:
<script>: New request on proxy - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00390048893076001@176.123.xxx.xxx</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.xxx.xxx</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00390048893076001@176.123.xxx.xxx</a>
IP=<a href="http://102.165.51.10:62577" target="_blank">102.165.51.10:62577</a> (<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>)
ID=218036742-1902467074-1213502867 UA='Linksys-SPA942'
DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:28:19 spce proxy[2119]: NOTICE:
<script>: New request on proxy - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00390048893076001@176.123.yyy.yyy</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.yyy.yyy</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00390048893076001@176.123.yyy.yyy</a>
IP=<a href="http://102.165.51.10:65059" target="_blank">102.165.51.10:65059</a> (<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>)
ID=1844126573-2124940025-382233674 UA='Linksys-SPA942'
DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">root@spce:~# cat
/var/log/ngcp/kamailio-lb.log | grep -i
'912346842-169557483-295698979'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce lb[1241]: NOTICE:
<script>: New request on lb - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.yyy.yyy</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.yyy.yyy</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.yyy.yyy</a>
IP=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:102.165.51.10:50073</a>
ID=912346842-169557483-295698979 UA='Linksys-SPA942'
DESTIP=176.123.yyy.yyy:5060<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce lb[1241]: NOTICE:
<script>: Relaying request, fs='<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:127.0.0.1:5060</a>'
du='<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:127.0.0.1:5062</a>' -
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.yyy.yyy</a>
ID=912346842-169557483-295698979 UA='Linksys-SPA942'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce lb[1268]: NOTICE:
<script>: Reply from Inbound - S=100 - Trying
M=INVITE IP=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:127.0.0.1:5062</a>
ID=912346842-169557483-295698979 UA='<null>'
DESTIP=<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce lb[1268]: NOTICE:
<script>: Sending reply from inbound,
fs='<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:176.123.yyy.yyy:5060</a>' du='<a href="http://102.165.51.10:50073" target="_blank">102.165.51.10:50073</a>' -
ID=912346842-169557483-295698979 UA='<null>'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce lb[1263]: NOTICE:
<script>: Reply from Inbound - S=407 - Proxy
Authentication Required M=INVITE IP=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:127.0.0.1:5062</a>
ID=912346842-169557483-295698979 UA='<null>'
DESTIP=<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce lb[1263]: NOTICE:
<script>: Sending reply from inbound,
fs='<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">udp:176.123.yyy.yyy:5060</a>' du='<a href="http://102.165.51.10:50073" target="_blank">102.165.51.10:50073</a>' -
ID=912346842-169557483-295698979 UA='<null>'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">root@spce:~#<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US"><u></u> <u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">root@spce:~# cat
/var/log/ngcp/kamailio-proxy.log | grep -i
'912346842-169557483-295698979'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce proxy[2119]: NOTICE:
<script>: New request on proxy - M=INVITE
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.yyy.yyy</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.yyy.yyy</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.yyy.yyy</a>
IP=<a href="http://102.165.51.10:50073" target="_blank">102.165.51.10:50073</a> (<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>)
ID=912346842-169557483-295698979 UA='Linksys-SPA942'
DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce proxy[2119]: NOTICE:
<script>: Sending reply S=100 Trying
fs='<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a>' du='<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>' -
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.yyy.yyy</a>
ID=912346842-169557483-295698979 UA='Linksys-SPA942'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce proxy[2119]: NOTICE:
<script>: Authentication failed, no credentials -
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.yyy.yyy</a>
ID=912346842-169557483-295698979 UA='Linksys-SPA942'
Auth=<null><u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce proxy[2119]: NOTICE:
<script>: Sending reply S=407 fs='<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a>'
du='<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>' - ID=912346842-169557483-295698979
UA='Linksys-SPA942'<u></u><u></u></span></i></p>
<p class="MsoNormal"><i><span style="font-size:8pt" lang="EN-US">Apr 1 09:27:38 spce proxy[2113]: NOTICE:
<script>: New request on proxy - M=ACK
R=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.yyy.yyy</a>
F=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:800003@176.123.yyy.yyy</a>
T=<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-freetext">sip:00380048893076001@176.123.yyy.yyy</a>
IP=<null>:<null> (<a href="http://127.0.0.1:5060" target="_blank">127.0.0.1:5060</a>)
ID=912346842-169557483-295698979 UA='<null>'
DESTIP=<a href="http://127.0.0.1:5062" target="_blank">127.0.0.1:5062</a></span></i></p>
</div>
</blockquote>
<p>There are some hints on security to use in kamailio.cfg collected
in our wiki at:</p>
<p> * <a href="https://www.kamailio.org/wiki/tutorials/security/kamailio-security" target="_blank">https://www.kamailio.org/wiki/tutorials/security/kamailio-security</a></p>
<p>Fail2ban is an option as well. I would suggest counting the
failed authentications per user per IP and then blocking the IP using
htable or fail2ban. The link above has suggestions for failed
authentication per user, I would also add a condition on IP there...</p>
<p>Cheers,<br>
Daniel<br>
</p>
<pre class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-abbreviated" href="http://www.asipto.com" target="_blank">www.asipto.com</a>
<a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-abbreviated" href="http://www.twitter.com/miconda" target="_blank">www.twitter.com/miconda</a> -- <a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda" target="_blank">www.linkedin.com/in/miconda</a>
Kamailio World Conference - May 6-8, 2019 -- <a class="gmail-m_-1232437872396375165gmail-m_443333350961853949moz-txt-link-abbreviated" href="http://www.kamailioworld.com" target="_blank">www.kamailioworld.com</a></pre>
</div>
</blockquote></div>
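<p>Added example, not part of the original thread and not Sipwise or Kamailio code: the "Authentication failed, no credentials" line carries no source IP, but it shares its Call-ID (<code>ID=</code>) with the preceding "New request on proxy" line, so the two can be joined to count, per IP, the challenges that were never followed by a retry on the same Call-ID. The function names, the threshold and the rule "a later non-ACK request with the same Call-ID answers the challenge" are assumptions; the sample lines are constructed in the log format quoted above.</p>

```python
import re
from collections import Counter

# Constructed sample in the kamailio-proxy.log format quoted in the thread.
# Addresses are documentation ranges and the Call-IDs are made up.
SAMPLE_LOG = """\
Apr  1 18:06:06 spce proxy[2106]: NOTICE: <script>: New request on proxy - M=REGISTER R=sip:sip.example.org F=sip:alice@sip.example.org T=sip:alice@sip.example.org IP=198.51.100.7:49152 (127.0.0.1:5060) ID=reg-1@10_0_0_1 UA='N510 IP PRO' DESTIP=127.0.0.1:5062
Apr  1 18:06:06 spce proxy[2106]: NOTICE: <script>: Authentication failed, no credentials - R=sip:sip.example.org ID=reg-1@10_0_0_1 UA='N510 IP PRO' Auth=<null>
Apr  1 18:06:06 spce proxy[2109]: NOTICE: <script>: New request on proxy - M=REGISTER R=sip:sip.example.org F=sip:alice@sip.example.org T=sip:alice@sip.example.org IP=198.51.100.7:49152 (127.0.0.1:5060) ID=reg-1@10_0_0_1 UA='N510 IP PRO' DESTIP=127.0.0.1:5062
Apr  1 18:06:06 spce proxy[2109]: NOTICE: <script>: Contacts successfully updated, expires in 600s - R=sip:sip.example.org ID=reg-1@10_0_0_1 UA='N510 IP PRO'
Apr  1 09:25:32 spce proxy[2114]: NOTICE: <script>: New request on proxy - M=INVITE R=sip:0035001@sip.example.org F=sip:800003@sip.example.org T=sip:0035001@sip.example.org IP=203.0.113.50:58694 (127.0.0.1:5060) ID=inv-a UA='Linksys-SPA942' DESTIP=127.0.0.1:5062
Apr  1 09:25:32 spce proxy[2114]: NOTICE: <script>: Authentication failed, no credentials - R=sip:0035001@sip.example.org ID=inv-a UA='Linksys-SPA942' Auth=<null>
Apr  1 09:25:32 spce proxy[2113]: NOTICE: <script>: New request on proxy - M=ACK R=sip:0035001@sip.example.org F=sip:800003@sip.example.org T=sip:0035001@sip.example.org IP=<null>:<null> (127.0.0.1:5060) ID=inv-a UA='<null>' DESTIP=127.0.0.1:5062
Apr  1 09:26:14 spce proxy[2113]: NOTICE: <script>: New request on proxy - M=INVITE R=sip:0036001@sip.example.org F=sip:800003@sip.example.org T=sip:0036001@sip.example.org IP=203.0.113.50:57072 (127.0.0.1:5060) ID=inv-b UA='Linksys-SPA942' DESTIP=127.0.0.1:5062
Apr  1 09:26:14 spce proxy[2113]: NOTICE: <script>: Authentication failed, no credentials - R=sip:0036001@sip.example.org ID=inv-b UA='Linksys-SPA942' Auth=<null>
Apr  1 09:26:14 spce proxy[2120]: NOTICE: <script>: New request on proxy - M=ACK R=sip:0036001@sip.example.org F=sip:800003@sip.example.org T=sip:0036001@sip.example.org IP=<null>:<null> (127.0.0.1:5060) ID=inv-b UA='<null>' DESTIP=127.0.0.1:5062
Apr  1 09:26:56 spce proxy[2113]: NOTICE: <script>: New request on proxy - M=INVITE R=sip:0037001@sip.example.org F=sip:800003@sip.example.org T=sip:0037001@sip.example.org IP=203.0.113.50:53653 (127.0.0.1:5060) ID=inv-c UA='Linksys-SPA942' DESTIP=127.0.0.1:5062
Apr  1 09:26:56 spce proxy[2113]: NOTICE: <script>: Authentication failed, no credentials - R=sip:0037001@sip.example.org ID=inv-c UA='Linksys-SPA942' Auth=<null>
Apr  1 09:26:56 spce proxy[2114]: NOTICE: <script>: New request on proxy - M=ACK R=sip:0037001@sip.example.org F=sip:800003@sip.example.org T=sip:0037001@sip.example.org IP=<null>:<null> (127.0.0.1:5060) ID=inv-c UA='<null>' DESTIP=127.0.0.1:5062
Apr  1 10:00:00 spce proxy[2106]: NOTICE: <script>: New request on proxy - M=REGISTER R=sip:sip.example.org F=sip:bob@sip.example.org T=sip:bob@sip.example.org IP=192.0.2.9:5060 (127.0.0.1:5060) ID=reg-2 UA='N510 IP PRO' DESTIP=127.0.0.1:5062
Apr  1 10:00:00 spce proxy[2106]: NOTICE: <script>: Authentication failed, no credentials - R=sip:sip.example.org ID=reg-2 UA='N510 IP PRO' Auth=<null>
"""

# "\sIP=" requires whitespace before "IP=", so "DESTIP=" is never matched.
REQ_RE = re.compile(r"New request on proxy - M=(?P<method>\S+) .*?\sIP=(?P<src>\S+)")
ID_RE = re.compile(r"\sID=(\S+)")
NO_CREDS = "Authentication failed, no credentials"


def unanswered_challenges(lines):
    """Count, per source IP, Call-IDs that were challenged and never retried."""
    src_by_callid = {}  # Call-ID -> source IP taken from the request line
    pending = {}        # Call-ID -> source IP, challenged and not retried so far
    for line in lines:
        cid_match = ID_RE.search(line)
        if not cid_match:
            continue
        cid = cid_match.group(1)
        req = REQ_RE.search(line)
        if req:
            ip = req.group("src").rpartition(":")[0].strip("[]")
            # The ACK for the 401/407 is logged with IP=<null>:<null>; it is
            # part of the failed transaction, not a retry with credentials.
            if req.group("method") == "ACK" or ip in ("", "<null>"):
                continue
            # Assumption: a new request on an already challenged Call-ID is the
            # client answering the challenge (the valid-subscriber pattern).
            # If it again lacks credentials, the next NO_CREDS line re-adds it.
            pending.pop(cid, None)
            src_by_callid[cid] = ip
        elif NO_CREDS in line and cid in src_by_callid:
            pending[cid] = src_by_callid[cid]
    return Counter(pending.values())


def ips_to_ban(lines, max_unanswered=3):
    """Source IPs with at least max_unanswered unanswered challenges (sorted)."""
    counts = unanswered_challenges(lines)
    return sorted(ip for ip, n in counts.items() if n >= max_unanswered)


if __name__ == "__main__":
    for ip in ips_to_ban(SAMPLE_LOG.splitlines()):
        print("unanswered SIP auth challenges from", ip)
```

<p>The subscriber that registers successfully on the second attempt is not counted, and a client with a single unanswered challenge stays below the threshold. The flagged addresses can be written to a log line that includes the IP, which is what the fail2ban filter was missing.</p>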