On Fri, Sep 16, 2016 at 07:54:20AM +0100, Eric Koome wrote:
Hi all - my Kamailio - 4.1.6 is receiving this particular structured INVITES from multiple IPs, and for some reason it is not requesting authentication. I have AUTH & IPAUTH modules in use for two years now, but this is bypassing that and actually forwarding the invite to asterisk servers behind Kamailio.
I notice from the invite that the contact (c=IN IP4 10.10.10.10) is unusual and in the private range. Is this what is bypassing Authentication?
Depends on what you are doing to authenticate, but normally you wouldn't use SDP body stuff for authentication. So it's unlikely.
Any Pointers on how to stop this. This is flooding my boxes!
Take a look at pike http://kamailio.org/docs/modules/stable/modules/pike.html or maybe (never used it so far) pipelimit http://kamailio.org/docs/modules/stable/modules/pipelimit.html
BTW for me all INVITEs for numbers starting with 9 indicate to toll fraud. You might want to setup a honeypot and create a blocklist of IPs