[SR-Users] how to catch attacker using bad request line?
Daniel-Constantin Mierla
miconda at gmail.com
Mon Sep 17 15:50:05 CEST 2018
Can you send all log messages with debug=3?
Btw, the source ip variable is $si.
Cheers,
Daniel
On 17.09.18 15:42, Juha Heinanen wrote:
> Daniel-Constantin Mierla writes:
>
>> try with event_route[core:receive-parse-error] { ... }
>>
>> The variables related to sip message content (headers, body, ...) likely
>> not working there (should return null), but source IP/port should be good.
> Thanks for the pointer. I defined:
>
> event_route[core:receive-parse-error] { # Catch message parse errors
>
> xnotice("Request from <$var(src_ip)> has invalid syntax\n");
>
> }
>
> but didn't get the notice to syslog. Only these:
>
> Sep 17 16:37:52 char /usr/bin/sip-proxy[23020]: ERROR: <core> [core/parser/msg_parser.c:337]: parse_headers(): bad header field [(null)]
> Sep 17 16:37:52 char /usr/bin/sip-proxy[23020]: WARNING: <core> [core/receive.c:230]: receive_msg(): parsing relevant headers failed
>
> -- Juha
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio World Conference -- www.kamailioworld.com
Kamailio Advanced Training, Nov 12-14, 2018, in Berlin -- www.asipto.com
More information about the sr-users
mailing list