Hi I am from Japan. Our SIP server was attacked last weekend. In fact SIP invite attack is from 193.107.xxx.xxx. But From header is 133.242.xxx.xxx. This is manipulated fake header. 133.242.xxx.xxx is our IP address. It seems Fail2ban does not work in this case. log size was very increase wit…

SIP attack with fake header

david55 (david55) January 13, 2022, 2:00pm 5

This is the thread I was thinking about, although it seems to have petered out before it was established why the security log wasn’t working for its OP:

Spoofed Brute force