[SR-Users] how to catch attacker using bad request line?
Juha Heinanen
jh at tutpro.com
Mon Sep 17 13:59:43 CEST 2018
In order to be able to fail2ban an attacker that sends tons of SIP
requests with malformed request lines, it would need to be possible to
generate an appropriate syslog message from config file.
I didn't find any sanity module param value that would turn on checking
of request line syntax. Any other ideas?
As an example, below is what comes to syslog when I send a request that
has syntax error on request line.
-- Juha
Sep 17 14:46:39 char /usr/bin/sip-proxy[9458]: ERROR: <core> [core/parser/msg_parser.c:337]: parse_headers(): bad header field [(null)]
Sep 17 14:46:39 char /usr/bin/sip-proxy[9458]: WARNING: <core> [core/receive.c:230]: receive_msg(): parsing relevant headers failed
Sep 17 14:46:43 char /usr/bin/sip-proxy[9458]: ERROR: <core> [core/parser/msg_parser.c:337]: parse_headers(): bad header field [(null)]
Sep 17 14:46:43 char /usr/bin/sip-proxy[9458]: WARNING: <core> [core/receive.c:230]: receive_msg(): parsing relevant headers failed
More information about the sr-users
mailing list