[Users] feature request
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Wed Jul 27 17:14:54 CEST 2005
Hi Klaus,
I was already considering this feature, from same reasons as you.
Attacks may hide behind DNS address IPs of critical components of a
platform (like GW).
I was thinking having this in core to be able to use it both in
stateless (core) and statefull (tm) mode. My concern is where/how to
define the IP black list. If it will be kept in core, will the core
populated it (via script??) or module should register IPs to the core
list? All this in the idea of being able to do a nice provisioning of
the IP blacklist.
At this hot spot, any comments/ suggestions are welcomed!
regards,
bogdan
Klaus Darilion wrote:
> Hi!
>
> In many situations it would be useful to verify the destination IP
> address of a message before sending the message. E.g. I want to make
> sure that accounting and authentication was applied before sending a
> request to a gateway.
>
> loose_route and DNS resolving make it impossible to handle all
> scenarios in the config script. Thinking about the problem I got the
> following idea:
> The tm module should, after all DNS lookups, verify the dest. IP
> against a blacklist (e.g. the GW table from lcr module). If the dest.
> IP is on the blacklist, the message will only be sent if a certain
> flag is set. This flag will be set in the config script after all
> checks (acc, auth...) has been applied.
>
> What do you think about this idea? Any other ideas for this problem?
>
> regards,
> klaus
>
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users
>
More information about the Users
mailing list