[SR-Users] Forcing a TCP Connection Closed?

Daniel-Constantin Mierla miconda at gmail.com
Tue Oct 10 12:36:15 CEST 2017


Hello,


On 09.10.17 12:17, Mark Boyce wrote:
> Hi Daniel, 
>
> Thanks, I see tcpops lets us set the lifetime … although it’s not really the length of the lifetime that concerns me. 
>
> I guess I’m thinking more a SIP TCP Firewall type of system.  If someone is scanning/ddos/etc I don’t think we should be sending a response at all, unless there’s something I’ve missed?

Usually it is better not to send a response, especially when matching the
attack the first time, so it doesn't discover it is a SIP server. If the
attacker already knows, sometimes it helps to just send a 200 OK
response, because that may make the scanning script stop, because it
thinks it has discovered a good password.

> We could just use fail2ban but that would mean spawning an executable or writing each attempt to logs.

That's an option used by many out there, a matter of preferences.
>
> Maybe I’m doing things the wrong way round but I can’t help feeling that letting kamailio see the attempts and log stats, sources, etc is more useful than an iptables drop?

I typically do it with Kamailio, as I am more familiar with it.

Of course, there is always the option to add a function to close a TCP
connection (as an alternative to setting lifetime to 1 sec), but one has to
go and code it, tcpops is a good place for such an addition.

Cheers,
Daniel

> Cheers,
> Mark
>
>
>> On 9 Oct 2017, at 10:51, Daniel-Constantin Mierla <miconda at gmail.com> wrote:
>>
>> Hello,
>>
>> tcpops module offers a function to set the lifetime of a tcp connection,
>> so you can set it to 1 second:
>>
>>   - https://www.kamailio.org/docs/modules/stable/modules/tcpops.html
>>
>> Core offers a function to instruct closing the connection once a reply
>> has been sent, but it seems you don't want to send anything back.
>>
>> Cheers,
>> Daniel
>>
>>
>> On 08.10.17 22:11, Mark Boyce wrote:
>>> Hi all
>>>
>>> Just working on some connections security filters on a Kamailio install.   The security goes something like this;
>>>
>>> In REQINT … if source_ip  is not in customers IP white-list then just exit
>>>
>>> This works fine for UDP where packets are just ignored if they don’t come from a trusted IP.
>>>
>>> However on TCP this leads to the connection staying open until it either times out or the source disconnects.   Which feels untidy.
>>>
>>> Is there a way to say close the TCP connection from within the config script?
>>>
>>> Thanks
>>>
>>> Mark
>> -- 
>> Daniel-Constantin Mierla
>> www.twitter.com/miconda -- www.linkedin.com/in/miconda
>> Kamailio Advanced Training - www.asipto.com
>> Kamailio World Conference - www.kamailioworld.com
>>

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training - www.asipto.com
Kamailio World Conference - www.kamailioworld.com
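
The approach discussed in this thread, as an added example that is not part of the original emails or Kamailio's own sample config: untrusted sources get no SIP reply, the attempt is still logged by Kamailio, and on TCP the connection lifetime is cut to 1 second with tcpops so it does not stay open. The route name REQINIT, the use of ipops for the whitelist check, and the subnet 192.0.2.0/24 are assumptions chosen for illustration; the fragment is meant to be merged into an existing kamailio.cfg.

```kamailio
# Added example: silent drop of untrusted sources, with TCP cleanup.
loadmodule "xlog.so"
loadmodule "ipops.so"    # is_in_subnet()
loadmodule "tcpops.so"   # tcp_set_connection_lifetime()

request_route {
    route(REQINIT);
    # ... normal request handling continues here for trusted sources ...
}

route[REQINIT] {
    # Constructed placeholder range standing in for the customer whitelist.
    if (!is_in_subnet("$si", "192.0.2.0/24")) {
        # Kamailio still sees the attempt, so source and method can be recorded.
        xlog("L_NOTICE", "untrusted source $si:$sp proto=$proto method=$rm - dropping\n");

        # UDP needs nothing more. For connection-oriented transports,
        # shorten the lifetime of the connection this request arrived on
        # so it expires about a second later instead of idling until the
        # default timeout or until the peer disconnects.
        if (proto == TCP || proto == TLS) {
            tcp_set_connection_lifetime("1");
        }

        # No reply is generated, so the sender learns nothing from the
        # response about what is listening on the port.
        exit;
    }
}
```

The TCP handshake itself still completes before the script runs, so a scanner can tell the port is open; only the SIP-level response is withheld.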



