[SR-Users] how to catch attacker using bad request line?
Juha Heinanen
jh at tutpro.com
Mon Sep 17 15:42:01 CEST 2018
Daniel-Constantin Mierla writes:
> try with event_route[core:receive-parse-error] { ... }
>
> The variables related to sip message content (headers, body, ...) likely
> not working there (should return null), but source IP/port should be good.
Thanks for the pointer. I defined:
event_route[core:receive-parse-error] { # Catch message parse errors
xnotice("Request from <$var(src_ip)> has invalid syntax\n");
}
but didn't get the notice to syslog. Only these:
Sep 17 16:37:52 char /usr/bin/sip-proxy[23020]: ERROR: <core> [core/parser/msg_parser.c:337]: parse_headers(): bad header field [(null)]
Sep 17 16:37:52 char /usr/bin/sip-proxy[23020]: WARNING: <core> [core/receive.c:230]: receive_msg(): parsing relevant headers failed
-- Juha
More information about the sr-users
mailing list