[Users] feature request

Juha Heinanen jh at tutpro.com
Wed Jul 27 20:56:16 CEST 2005


Bogdan-Andrei Iancu writes:

 > I was already considering this feature, from same reasons as you. 
 > Attacks may hide behind DNS address IPs of critical components of a 
 > platform (like GW).

GWs (and any SIP UAs) should reject requests where request uri doesn't
designate the SIP UA itself.  if they don't, report it as a bug to the
manufacturer.

 > I was thinking having this in core to be able to use it both in 
 > stateless (core) and statefull (tm) mode. My concern is where/how to 
 > define the IP black list. If it will be kept in core, will the core 
 > populated it (via script??) or module should register IPs to the core 
 > list? All this in the idea of being able to do a nice provisioning of 
 > the IP blacklist.

in order to be useful, blacklist must be kept in a database table, which
ser can reload into memory by a fifo command.

-- juha





More information about the Users mailing list