Hi all,
I'm testing and moving my kamailio script to use the newer secfilter module.
In the past, I was replying "200 Ok" to "friendly scanners"...
With the newer secfilter module, it looks like I can't send a reply with "sl_send_reply("200", "OK")":

    secf_check_ua();
    if ($? == -2) {
        sl_send_reply("200", "OK");
        exit;
    }

I have read the code of the secfilter, but I was not able to see any specific code to silently discard the SIP request.
I can see in the documentation about "secf_check_sqli_all", that the SIP message is supposed to be "dropped". I can see "w_check_sqli_all" returns 0 on detection and w_check_ua returns -2 upon detection.
Is the message discarded because a negative value was returned?
Would it be doable, using the secfilter, to still reply 200 Ok?
Regards
Aymeric
Hi Aymeric
Try to use force_rport() after sl_send_reply:

    secf_check_ua();
    if ($? == -2) {
        force_rport();
        sl_send_reply("200", "OK");
        exit;
    }

For secf_check_sqli_all() the module drops the packet if a SQLi is detected in any header, but other functions such as secf_check_sqli_ua() return a negative code on detection and you choose whether you want to drop the packet or not.
Regards
On Tue, 3 Dec 2019 at 15:48, Aymeric Moizard amoizard@gmail.com wrote:
> Hi all,
> I'm testing and moving my kamailio script to use the newer secfilter module.
> In the past, I was replying "200 Ok" to "friendly scanners"...
> With the newer secfilter module, it looks like I can't send a reply with "sl_send_reply("200", "OK")":
>
>     secf_check_ua();
>     if ($? == -2) {
>         sl_send_reply("200", "OK");
>         exit;
>     }
>
> I have read the code of the secfilter, but I was not able to see any specific code to silently discard the SIP request.
> I can see in the documentation about "secf_check_sqli_all", that the SIP message is supposed to be "dropped". I can see "w_check_sqli_all" returns 0 on detection and w_check_ua returns -2 upon detection.
> Is the message discarded because a negative value was returned?
> Would it be doable, using the secfilter, to still reply 200 Ok?
> Regards
> Aymeric
-- Antisip - http://www.antisip.com _______________________________________________ Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
Sorry ... Try to use force_rport() *before* sl_send_reply
On Tue, 3 Dec 2019 at 16:37, Pepelux pepeluxx@gmail.com wrote:
> Hi Aymeric
> Try to use force_rport() after sl_send_reply:
>
>     secf_check_ua();
>     if ($? == -2) {
>         force_rport();
>         sl_send_reply("200", "OK");
>         exit;
>     }
>
> For secf_check_sqli_all() the module drops the packet if a SQLi is detected in any header, but other functions such as secf_check_sqli_ua() return a negative code on detection and you choose whether you want to drop the packet or not.
> Regards
Hi,
Tks a lot for the answer.
I'd be surprised if that fixed the issue. The missing 200 OK was for an INVITE with a Via containing a public IP and no port.
I would expect sl_send_reply to send something, even if to the wrong port?
Regards
Aymeric
On Tue, 3 Dec 2019 at 16:40, Pepelux pepeluxx@gmail.com wrote:
> Sorry ... Try to use force_rport() *before* sl_send_reply
Hi
Without the force_rport() the reply goes to an incorrect port
Regards
On Tue, 3 Dec 2019 at 17:58, Aymeric Moizard amoizard@gmail.com wrote:
> Hi,
> Tks a lot for the answer.
> I'd be surprised if that fixed the issue. The missing 200 OK was for an INVITE with a Via containing a public IP and no port.
> I would expect sl_send_reply to send something, even if to the wrong port?
> Regards
> Aymeric
Hi,
Tks for your answer. Unfortunately, that wasn't my issue: I was surprised because no message was sent (to any port).
I now have force_rport in my config and all messages, up to now, are answered. In my initial test, the unanswered message contains this top Via:
Via: SIP/2.0/UDP 204.11.194.25;branch=z9hG4bK3ce5.24b98891.0\r\n
I suppose I should have seen a message being sent to 204.11.194.25 on port 5060, the default.
I'm not able to explain the reason why my capture doesn't have the answer. The address is valid, the port was valid too. It should have worked without the force_rport. I have received many other scams since I added force_rport, but none being exactly equivalent, so I can't tell...
Anyway... no big trouble!
Regards,
Aymeric
On Tue, 3 Dec 2019 at 18:38, Pepelux pepeluxx@gmail.com wrote:
> Hi
> Without the force_rport() the reply goes to an incorrect port
> Regards
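
The reply-routing rules discussed in this thread, as an added example that is not part of the original messages and is not Kamailio's own code: a Python model of where a UDP SIP response goes under RFC 3261 section 18.2.2 and RFC 3581, with and without forced rport handling. The Via value is the one quoted in the last message; the source port 40312 and the names `parse_via` and `reply_destination` are assumptions made for the illustration, and `maddr` is not handled.

```python
# Added example: destination of a UDP SIP response per RFC 3261 18.2.2
# and RFC 3581. A model of the RFC rules, not Kamailio source code.
import re

DEFAULT_SIP_PORT = 5060

def parse_via(via):
    """Split a Via header value into (host, port or None, params)."""
    parts = via.split(None, 1)
    if len(parts) != 2:
        raise ValueError("Via value has no sent-by: %r" % via)
    sent_by, *raw_params = parts[1].split(";")
    m = re.fullmatch(r"(\[[^\]]+\]|[^:]+)(?::(\d+))?", sent_by.strip())
    if not m:
        raise ValueError("unparsable sent-by: %r" % sent_by)
    params = {}
    for p in raw_params:
        name, _, value = p.strip().partition("=")
        params[name.lower()] = value
    return m.group(1), int(m.group(2)) if m.group(2) else None, params

def reply_destination(via, src_ip, src_port, force_rport=False):
    """Return the (ip, port) a response to this request is sent to."""
    host, port, params = parse_via(via)
    if force_rport or "rport" in params:
        # RFC 3581: reply to the real source address and source port.
        return src_ip, src_port
    # RFC 3261: the address is the packet source (the server records it
    # as 'received' when it differs from sent-by), but the port is still
    # the one in sent-by, or 5060 when the Via carries none.
    return src_ip, port if port is not None else DEFAULT_SIP_PORT

# Top Via quoted in the thread; the source port is a constructed value.
VIA = "SIP/2.0/UDP 204.11.194.25;branch=z9hG4bK3ce5.24b98891.0"
SRC_IP, SRC_PORT = "204.11.194.25", 40312

if __name__ == "__main__":
    print("Via only    ->", reply_destination(VIA, SRC_IP, SRC_PORT))
    print("force_rport ->", reply_destination(VIA, SRC_IP, SRC_PORT, True))
```

When comparing against a packet capture, filter on the sender's source port as well as on 5060, since the two cases differ only in the destination port.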