<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello,</p>
<p>What worked quite well so far for me was maintaining ipban and
ipallow htables, adding to ipallow the address of a successfully
authenticated request and adding to ipban the address of a
flooding end point (detected via pike or pipelimit) which is not
in ipallow.</p>
<p>Of course, skipping trusted fixed ip end points (e.g., pstn
gateways).<br>
</p>
<p>Most of the end points send the REGISTER and, once authenticated
and having received the 200 OK, then flood with SUBSCRIBE for
BLF/MWI/Presence, but at that moment, the IP is in ipallow. I also
maintain a userban htable in which I keep username:ip if that user
failed to authenticate 5 times in a row.<br>
</p>
<p>Anyhow, adding more layers of trusting levels is better.</p>
<p>Cheers,<br>
Daniel<br>
</p>
<div class="moz-cite-prefix">On 27.07.20 10:45, Mark Boyce wrote:<br>
</div>
<blockquote type="cite"
cite="mid:DA1FDE75-0065-46E9-AFDA-BB33DE660096@darkorigins.com">
Hi
<div class=""><br class="">
</div>
<div class="">I only have ubuntu to hand. The latest v20.04 still
seems to include a country db version, although it’s from Dec
2019.</div>
<div class=""><br class="">
</div>
<div class="">Completely agree on security, and still wondering
how much admin overhead maintaining it is.</div>
<div class=""><br class="">
</div>
<div class="">At the moment I’m thinking of layering it like this;</div>
<div class=""><br class="">
</div>
<div class="">- Fixed IP</div>
<div class="">- Dynamic IP but Fixed ISP (AS)</div>
<div class="">- Mobile but Fixed/Limited Country<br class="">
<div>- Mobile no restrictions</div>
<div><br class="">
</div>
<div>Also playing with matching User-Agent from headers against
a list of RegEx’s to verify that the endpoint is the
make/model expected. </div>
<div><br class="">
</div>
<div><br class="">
</div>
<div>GeoIP Module - Great. I’ll have a look at module source
and try to document what’s involved.</div>
<div><br class="">
</div>
<div><br class="">
</div>
<div>Cheers</div>
<div>Mark</div>
<div><br class="">
<blockquote type="cite" class="">
<div class="">On 27 Jul 2020, at 09:14, Daniel-Constantin
Mierla <<a href="mailto:miconda@gmail.com" class=""
moz-do-not-send="true">miconda@gmail.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">Hello,<br class="">
<br class="">
indeed, I noticed a while ago MaxMind requires
registration to fetch the<br class="">
latest database, from that point I was still using a
local copy of an<br class="">
older version for testing. Are the major Linux distros
still shipping it?<br class="">
<br class="">
I can add lookup of AS to the module -- it would be
appreciated and<br class="">
speed up things if you can give some references/links to
the API/library<br class="">
docs for it.<br class="">
<br class="">
As for how much security it can bring, as always, it
depends. If you<br class="">
have only fixed lines customers, then it can be an extra
check. But if<br class="">
the people can use mobile apps, they can go in parks, or
public places<br class="">
and use mobile carriers or public wifi networks. Also, I
encountered<br class="">
situations when people do vpn from their mobile and show
up as coming<br class="">
from another country, a matter of where the vpn server is
located.<br class="">
<br class="">
In general, the more restrictions you can set for end
point locations,<br class="">
the better. Still, they can be compromised even if they
are inside a<br class="">
known isp network...<br class="">
<br class="">
Cheers,<br class="">
Daniel<br class="">
<br class="">
On 23.07.20 12:18, Mark Boyce wrote:<br class="">
<blockquote type="cite" class="">Hi all<br class="">
<br class="">
Just looking at the latest GeoIP2 MaxMind databases
(now requires registration, but still free) and
noticed that they also include the AS (ISP) lookup one
in the free offering.<br class="">
<br class="">
Wondering if this is another way to facilitate better
security for users on dynamic IP. Typically working
from home these days.<br class="">
<br class="">
So, rather than just limiting an end device to a
country we could limit it to a particular ISP within
that country.<br class="">
<br class="">
Has anyone tried this? Have I missed a reason why this
wouldn’t help? Admin overhead not worth it?<br
class="">
<br class="">
Thoughts?<br class="">
<br class="">
Best regards<br class="">
Mark<br class="">
-- <br class="">
Mark Boyce<br class="">
Dark Origins Ltd<br class="">
<br class="">
</blockquote>
<br class="">
-- <br class="">
Daniel-Constantin Mierla -- <a
href="http://www.asipto.com" class=""
moz-do-not-send="true">www.asipto.com</a><br class="">
<a href="http://www.twitter.com/miconda" class=""
moz-do-not-send="true">www.twitter.com/miconda</a> --
<a href="http://www.linkedin.com/in/miconda" class=""
moz-do-not-send="true">www.linkedin.com/in/miconda</a><br
class="">
Funding: <a href="https://www.paypal.me/dcmierla"
class="" moz-do-not-send="true">https://www.paypal.me/dcmierla</a><br
class="">
<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
<div class="">
<div style="color: rgb(0, 0, 0); letter-spacing: normal;
text-align: start; text-indent: 0px; text-transform: none;
white-space: normal; word-spacing: 0px;
-webkit-text-stroke-width: 0px; word-wrap: break-word;
-webkit-nbsp-mode: space; line-break: after-white-space;"
class="">
<div style="orphans: 2; widows: 2;" class=""><br class="">
</div>
<div style="orphans: 2; widows: 2;" class="">-- </div>
<div style="orphans: 2; widows: 2;" class="">Mark Boyce</div>
<div style="orphans: 2; widows: 2;" class="">Dark Origins
Ltd</div>
<div style="orphans: 2; widows: 2;" class="">e: <a
href="mailto:mark@darkorigins.com" class=""
moz-do-not-send="true">mark@darkorigins.com</a></div>
</div>
</div>
<br class="">
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Funding: <a class="moz-txt-link-freetext" href="https://www.paypal.me/dcmierla">https://www.paypal.me/dcmierla</a></pre>
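<p>The ipban / ipallow / userban layering described at the top of this message, written out as a Kamailio configuration fragment. This is an added example, not configuration posted in the thread or taken from the Kamailio project. The route names FLOODCHECK and AUTHCHECK, the use of the permissions address table for trusted peers, and all sizes, expiry times and pike thresholds are assumptions.</p>

```kamailio
# Added example, not from the thread. Assumes htable, pike, permissions,
# auth_db, textops, sl and xlog are already loaded (as in the stock
# kamailio.cfg). Sizes, expiry times and pike thresholds are illustrative.
modparam("htable", "htable", "ipban=>size=8;autoexpire=300;")
modparam("htable", "htable", "ipallow=>size=8;autoexpire=3600;")
# initval=0 makes a missing key read as 0 instead of $null
modparam("htable", "htable", "userban=>size=8;autoexpire=900;initval=0;")
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 16)
modparam("pike", "remove_latency", 4)

# Call first in request_route: route(FLOODCHECK);
route[FLOODCHECK] {
    # trusted fixed-IP peers (e.g. PSTN gateways) listed in the
    # permissions address table are never counted or banned
    if (src_ip == myself || allow_source_address()) return;

    if ($sht(ipban=>$si) != $null) {
        # already banned: drop without replying
        exit;
    }
    # pike counts every request, but only sources that have not
    # authenticated recently can be moved to ipban
    if (!pike_check_req() && $sht(ipallow=>$si) == $null) {
        xlog("L_ALERT", "flood from $si:$sp ($rm), banning\n");
        $sht(ipban=>$si) = 1;
        exit;
    }
}

# Call for REGISTER and other requests that need credentials
route[AUTHCHECK] {
    if ($au != $null && $sht(userban=>$au::$si) >= 5) {
        sl_send_reply("403", "Forbidden");
        exit;
    }
    if (!auth_check("$fd", "subscriber", "1")) {
        # count only attempts that carried credentials, not the
        # first unauthenticated request of a normal challenge
        if ($au != $null) {
            $sht(userban=>$au::$si) = $sht(userban=>$au::$si) + 1;
        }
        auth_challenge("$fd", "0");
        exit;
    }
    # success: reset the failure streak and trust this source IP
    $sht(userban=>$au::$si) = $null;
    $sht(ipallow=>$si) = 1;
}
```

<p>A request rejected only because its nonce expired also carries credentials and is counted as a failure here, so the threshold of 5 should be read together with the nonce lifetime in use.</p>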
</body>
</html>