[OpenSER-Users] sanitizing sip requests

Henning Westerholt henning.westerholt at 1und1.de
Thu Oct 18 10:41:17 CEST 2007


On Thursday 18 October 2007, Edson wrote:
> I was thinking about this problem and I think that combining this module
> idea with the ones presented by Jiri could guide to an intermediary and
> more flexible one.
>
> Any sanitization task would be processed by a dedicated module. This module
> could load as many 'sanitizations descriptions' as desired. Each
> 'sanitization description' could be a XML file (just to give an exemple)
> and would take care of an especific language or language family. It could
> describe signatures, or even include language syntax and semantics checks
> (who knows what is really necessary?). This way, changing/improving the
> descriptions with language specific sanitization knownledge would extended
> the protection without the need of logical changes on the proxy script.
>
> For sure even if the idea is easy to understand it's implementation is not
> a trivial work. But is an idea... ;)

Perhaps it makes more sense to use an IDS for this job, which already has the 
infrastructure present to search in the traffic and match against arbitrary 
rules. It can alert or kill the connection if something against the policy is 
detected.

Cheers,

Henning




More information about the sr-users mailing list