req OPTIONS from=100, to=100, udp:175.118.124.236:5060 False
req REGISTER from=2272000085, to=2272000085, udp:175.118.124.236:5115 False
req REGISTER from=1577873235, to=1577873235, udp:175.118.124.236:5117 False
req ACK from=125, to=125, udp:175.118.124.236:5115 False
req REGISTER from=Daichi, to=Daichi, udp:175.118.124.236:5117 False
req ACK from=127, to=127, udp:175.118.124.236:5115 False
req REGISTER from=Daiki, to=Daiki, udp:175.118.124.236:5117 False
req ACK from=128, to=128, udp:175.118.124.236:5115 False
req ACK from=Ai, to=Ai, udp:175.118.124.236:5117 False
req ACK from=129, to=129, udp:175.118.124.236:5115 False
req ACK from=Akane, to=Akane, udp:175.118.124.236:5117 False
req ACK from=130, to=130, udp:175.118.124.236:5115 False
req ACK from=Ami, to=Ami, udp:175.118.124.236:5117 False
req ACK from=Aoi, to=Aoi, udp:175.118.124.236:5117 False
req ACK from=131, to=131, udp:175.118.124.236:5115 False
req ACK from=Asuka, to=Asuka, udp:175.118.124.236:5117 False
req ACK from=132, to=132, udp:175.118.124.236:5115 False
req ACK from=133, to=133, udp:175.118.124.236:5115 False
req ACK from=Aya, to=Aya, udp:175.118.124.236:5117 False
req ACK from=134, to=134, udp:175.118.124.236:5115 False
req ACK from=Ayaka, to=Ayaka, udp:175.118.124.236:5117 False
req ACK from=135, to=135, udp:175.118.124.236:5115 False
req ACK from=136, to=136, udp:175.118.124.236:5115 False
req ACK from=Ayaka, to=Ayaka, udp:175.118.124.236:5117 False
req ACK from=137, to=137, udp:175.118.124.236:5115 False
req ACK from=Ayaka, to=Ayaka, udp:175.118.124.236:5117 False
req ACK from=Ayano, to=Ayano, udp:175.118.124.236:5117 False
req ACK from=141, to=141, udp:175.118.124.236:5115 False
req ACK from=143, to=143, udp:175.118.124.236:5115 False
req ACK from=145, to=145, udp:175.118.124.236:5115 False
req ACK from=Kotone, to=Kotone, udp:175.118.124.236:5117 False
req ACK from=146, to=146, udp:175.118.124.236:5115 False
req ACK from=Mai, to=Mai, udp:175.118.124.236:5117 False
req ACK from=150, to=150, udp:175.118.124.236:5115 False
req ACK from=151, to=151, udp:175.118.124.236:5115 False
req ACK from=152, to=152, udp:175.118.124.236:5115 False
req ACK from=153, to=153, udp:175.118.124.236:5115 False
req ACK from=154, to=154, udp:175.118.124.236:5115 False
req ACK from=2272000085, to=2272000085, udp:175.118.124.236:5115 False
req ACK from=1577873235, to=1577873235, udp:175.118.124.236:5117 False
2010-10-23 01:48:11,864 [sipchanneludp-9224] ERROR sipregistrar [(null)] - Register queue exceeded max queue size 1000, overloaded response sent.
These attacks do work as a DoS, as its responsiveness to allowed requests during the attack is considerably reduced.
I’m thinking about a module, placed before SipSorcery in the chain, that preprocesses incoming requests and updates the ACL in real-time. Increasing the frequency to read the SYSLOG and updating ACL would mean “more than once per minute” in the above scenario. The process would be very simple:
- Got request.
- Read sipaccounts
- If not available or not allowed, update and rewrite router ACL and deny
Any other ideas are welcome.
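A minimal sketch of the preprocessing step described in the post above, added here as an example; it is not code from the original post or from SipSorcery. The class name `AclPreprocessor`, the threshold of three unknown usernames, the in-memory account set and deny set (standing in for the sipaccounts lookup and the router ACL), and the sample lines are all assumptions.

```python
import re
from collections import defaultdict

# Matches request lines in the log format shown above (trailing field ignored).
LINE_RE = re.compile(
    r"^req (?P<method>[A-Z]+) from=(?P<user>[^,]+), to=[^,]+, "
    r"udp:(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b"
)

class AclPreprocessor:
    """Tracks unknown usernames per source IP and decides when to deny."""
    def __init__(self, known_accounts, max_unknown=3):
        self.known = set(known_accounts)   # stand-in for the sipaccounts lookup
        self.max_unknown = max_unknown     # assumed threshold, tune per site
        self.unknown_by_ip = defaultdict(set)
        self.denied = set()                # stand-in for the router ACL

    def handle(self, line):
        """Return 'pass', 'deny' or 'ignore' for one log line."""
        m = LINE_RE.match(line)
        if m is None:
            return "ignore"                # not a request line
        ip, user = m["ip"], m["user"]
        if ip in self.denied:
            return "deny"
        if user in self.known:
            return "pass"
        # Key on the IP only: the source in the log uses several ports.
        self.unknown_by_ip[ip].add(user)
        if len(self.unknown_by_ip[ip]) >= self.max_unknown:
            self.denied.add(ip)
            return "deny"
        return "pass"                      # below threshold, e.g. a typo

def run(lines, known_accounts, max_unknown=3):
    pre = AclPreprocessor(known_accounts, max_unknown)
    verdicts = [pre.handle(line) for line in lines]
    return verdicts, sorted(pre.denied)

# Constructed sample in the page's log format (documentation addresses).
SAMPLE = [
    "req REGISTER from=alice, to=alice, udp:198.51.100.20:5060 False",
    "req REGISTER from=Daichi, to=Daichi, udp:203.0.113.7:5117 False",
    "req ACK from=125, to=125, udp:203.0.113.7:5115 False",
    "req REGISTER from=Daiki, to=Daiki, udp:203.0.113.7:5117 False",
    "req ACK from=alice, to=alice, udp:203.0.113.7:5115 False",
    "req REGISTER from=bobb, to=bobb, udp:198.51.100.20:5060 False",
    "ERROR sipregistrar - Register queue exceeded max queue size",
]
```

Counting distinct unknown usernames rather than denying on the first miss keeps a single mistyped account name from locking out a legitimate source address.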