You can use a DNS name as the SIP realm.
Then you can silently drop messages that contain an IP address in the From/To
field.
Example
Tue, 10 Oct 2017, 13:36 Daniel-Constantin Mierla <miconda(a)gmail.com>:
Hello,
On 09.10.17 12:17, Mark Boyce wrote:
Hi Daniel,
Thanks, I see tcpops lets us set the lifetime … although it’s not really the
length of the lifetime that concerns me.
I guess I’m thinking more a SIP TCP Firewall type of system. If someone is
scanning/ddos/etc I don’t think we should be sending a response at all,
unless there’s something I’ve missed?
Usually it is better not to send a response, especially when matching the
attack the first time, so it doesn't discover it is a SIP server. If the
attacker already knows, sometimes it helps to just send a 200 ok
response, because that may make the scanning script stop, because it
thinks it has discovered a good password.
We could just use fail2ban but that would mean spawning an executable or
writing each attempt to logs.
That's an option used by many out there, a matter of preferences.
Maybe I’m doing things the wrong way round but I can’t help feeling that
letting kamailio see the attempts and log stats, sources, etc is more
useful than an iptables drop?
I typically do it with kamailio, as I am more familiar with it.
Of course, there is always the option to add a function to close a tcp
connection (as alternative to setting lifetime to 1 sec), but one has to
go and code it, tcpops is a good place for such addition.
Cheers,
Daniel
Cheers,
Mark
> On 9 Oct 2017, at 10:51, Daniel-Constantin Mierla <miconda(a)gmail.com> wrote:
>
> Hello,
>
> tcpops module offers a function to set the lifetime of a tcp connection,
> so you can set it to 1 second:
>
> - https://www.kamailio.org/docs/modules/stable/modules/tcpops.html
>
> Core offers a function to instruct closing the connection once a reply
> has been sent, but it seems you don't want to send anything back.
>
> Cheers,
> Daniel
>
>
> On 08.10.17 22:11, Mark Boyce wrote:
>> Hi all
>>
>> Just working on some connections security filters on a Kamailio install.
>> The security goes something like this;
>>
>> In REQINT … if source_ip is not in customers IP white-list then just exit
>>
>> This works fine for UDP where packets are just ignored if they don’t come
>> from a trusted IP.
>>
>> However on TCP this leads to the connection staying open until it either
>> times out or the source disconnects. Which feels untidy.
>>
>> Is there a way to say close the TCP connection from within the config
>> script?
>>
>> Thanks
>>
>> Mark
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training - www.asipto.com
> Kamailio World Conference - www.kamailioworld.com
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
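
The approach discussed in this thread, written out as a Kamailio config fragment. This is an added example, not configuration posted by anyone on the list. It assumes customer IPs are loaded into the permissions module as address group 1, that xlog and pv are loaded as in the default config, and it uses a hypothetical htable named "blocked" for per-source counters.

```cfg
# Added example: fragment to merge into an existing kamailio.cfg.
loadmodule "permissions.so"   # allow_source_address()
loadmodule "tcpops.so"        # tcp_set_connection_lifetime()
loadmodule "htable.so"        # per-source counters

# Assumption: the permissions address data source (database or address
# file) is configured elsewhere and customer IPs are in group 1.

# Hypothetical table "blocked": count of dropped requests per source IP,
# entries expire after one hour, missing keys read as 0.
modparam("htable", "htable", "blocked=>size=8;autoexpire=3600;initval=0;")

request_route {
    route(REQINIT);
    # ... rest of the routing logic ...
}

route[REQINIT] {
    # Trusted customer source: continue normal processing.
    if (allow_source_address("1")) {
        return;
    }

    # Keep the visibility inside Kamailio: count and log the attempt
    # instead of relying on an external tool parsing log files.
    $sht(blocked=>$si) = $sht(blocked=>$si) + 1;
    xlog("L_WARN", "dropping $rm from $si:$sp ($proto), count=$sht(blocked=>$si)\n");

    if ($proto == "tcp") {
        # No reply is sent. Shorten the lifetime of the current
        # connection to 1 second, as suggested in the thread, so it
        # does not stay open until the default timeout.
        tcp_set_connection_lifetime("1");
    }

    # Stop processing without sending any response (same as the UDP case).
    exit;
}
```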