[SR-Users] Security in proxy
Iñaki Baz Castillo
ibc at aliax.net
Sun Jun 19 20:42:24 CEST 2011
2011/6/16 Anto <potxoka at gmail.com>:
> Is there any way to implement something that detects unusual behavior on the
> user (referred to countries that do not ever called, excessive traffic,
> etc)?.
This requirement is too complex to implement it in a generic module
(IMHO). For example, if we are a Spanish telco operator and our
clients are mostly Spanish, they usually call Spanish numbers. If one
of them starts making lot of calls to Slovenia it could be an attack.
But maybe we have a client that, in fact, makes lot of calls to
Slovenia por any valid reason (businness model and so). So each client
could require a different "security profile".
We are planning to build a system for this purpose. The idea is having
a separate custom server (not a SIP server, or maybe) that collects
clients calls and analyze them against a "security profiles backend"
(a DB or whatever). When kamailio receives a call it would communicate
with this server in some way and ask it "client XXXX wants to make a
call tu NNNNNNN, should I allow it?". Then the custom server would
apply internal logic and give a fast response (yes/no).
I think this is too complex and could make sense to build a
separate/custom server for this purpose, and then, maybe create a
custom Kamailio module for communicating Kamailio with the server
(some communication protocol and so).
--
Iñaki Baz Castillo
<ibc at aliax.net>
More information about the sr-users
mailing list