[SR-Users] Kamailio Authentication failing

Daniel Tryba d.tryba at pocos.nl
Fri Sep 16 11:31:32 CEST 2016


On Fri, Sep 16, 2016 at 07:54:20AM +0100, Eric Koome wrote:
> Hi all - my Kamailio - 4.1.6 is receiving this particular structured
> INVITES from multiple IPs, and for some reason it is not requesting
> authentication. I have AUTH & IPAUTH modules in use for two years now,
> but this is bypassing that and actually forwarding the invite to
> asterisk servers behind Kamailio.
 
> I notice from the invite that the contact (c=IN IP4 10.10.10.10) is
> unusual and in the private range. Is this what is bypassing
> Authentication?

Depends on what you are doing to authenticate, but normally you wouldn't
use SDP body stuff for authentication. So it's unlikely.

> Any Pointers on how to stop this. This is flooding my boxes!

Take a look at pike
http://kamailio.org/docs/modules/stable/modules/pike.html
or maybe (never used it so far) pipelimit
http://kamailio.org/docs/modules/stable/modules/pipelimit.html

BTW for me all INVITEs for numbers starting with 9 indicate to toll
fraud. You might want to setup a honeypot and create a blocklist of IPs



More information about the sr-users mailing list