[SR-Users] Forcing a TCP Connection Closed?
Sergey Safarov
s.safarov at gmail.com
Wed Oct 11 10:47:28 CEST 2017
You can use dns name as SIP realm.
Then you can silencly drop messages that contains IP address to From/To
field
Example
https://github.com/2600hz/kazoo-configs-kamailio/blob/master/kamailio/traffic-filter-role.cfg
вт, 10 окт. 2017 г., 13:36 Daniel-Constantin Mierla <miconda at gmail.com>:
> Hello,
>
>
> On 09.10.17 12:17, Mark Boyce wrote:
> > Hi Daniel,
> >
> > Thanks, I see tcpops lets us set the lifetime … although it’s not really
> the length of the lifetime that concerns me.
> >
> > I guess I’m thinking more a SIP TCP Firewall type of system. If someone
> is scanning/ddos/etc I don’t think we should be sending a response at all,
> unless there’s something I’ve missed?
>
> usually is better not to send a response, especially when matching the
> attack first time, so it doesn't discover it is a sip server. If the
> attacker already knows, sometimes it helps to just send a 200 ok
> response, because that may make the scanning script stop, because it
> thinks it has discovered a good password.
>
> > We could just use fail2ban but that would mean spawning an executable or
> writing each attempt to logs.
>
> That's an option used by many out there, a matter of preferences.
> >
> > Maybe I’m doing things the wrong way round but I can’t help feeling that
> letting kamailio see the attempts and log stats, sources, etc is more
> useful than an iptables drop?
>
> I typically do it with kamailio, as I am more familiar with.
>
> Of course, there is always the option to add a function to close a tcp
> connection (as alternative to setting lifetime to 1 sec), but one has to
> go and code it, tcpops is a good place for such addition.
>
> Cheers,
> Daniel
>
> > Cheers,
> > Mark
> >
> >
> >> On 9 Oct 2017, at 10:51, Daniel-Constantin Mierla <miconda at gmail.com>
> wrote:
> >>
> >> Hello,
> >>
> >> tcpops module offers a function to set the lifetime of a tcp connection,
> >> so you can set it to 1 second:
> >>
> >> -https://www.kamailio.org/docs/modules/stable/modules/tcpops.html
> >>
> >> Core offers a function to instruct closing the connection once a reply
> >> has been sent, but it seems you don't want to send anything back.
> >>
> >> Cheers,
> >> Daniel
> >>
> >>
> >> On 08.10.17 22:11, Mark Boyce wrote:
> >>> Hi all
> >>>
> >>> Just working on some connections security filters on a Kamailio
> install. The security goes something like this;
> >>>
> >>> In REQINT … if source_ip is not in customers IP white-list then just
> exit
> >>>
> >>> This works fine for UDP where packets are just ignored if they don’t
> come from a trusted IP.
> >>>
> >>> However on TCP this leads to the connection staying open until it
> either times out or the source disconnects. Which feels untidy.
> >>>
> >>> Is there a way to say close the TCP connection from within the config
> script?
> >>>
> >>> Thanks
> >>>
> >>> Mark
> >> --
> >> Daniel-Constantin Mierla
> >> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> >> Kamailio Advanced Training - www.asipto.com
> >> Kamailio World Conference - www.kamailioworld.com
> >>
>
> --
> Daniel-Constantin Mierla
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Kamailio Advanced Training - www.asipto.com
> Kamailio World Conference - www.kamailioworld.com
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20171011/5c1504ce/attachment.html>
More information about the sr-users
mailing list