[SR-Users] how to catch attacker using bad request line?
Juha Heinanen
jh at tutpro.com
Mon Sep 17 16:56:04 CEST 2018
Daniel-Constantin Mierla writes:
> I guess you have some modules that registered to process non-sip
> traffic, such as xhttp, xmlrpc, ... the parse_msg() throws error and in
> such case the processing is delegated to non-sip message handling, if
> all skipped, then ended up on trying going further as sip ...
Yes, there is event_route [xhttp:request].
>
> I just pushed a patch to deal with it properly. Can you test? if all ok,
> feel free to backport.
Now the event_route[core:receive-parse-error] was executed:
Sep 17 17:52:14 char /usr/bin/sip-proxy[18269]: NOTICE: Request from <192.168.43.107> has invalid syntax
and there was no ERROR/WARNING messages.
I'll backport to 5.1.
-- Juha
More information about the sr-users
mailing list