[Freeswitch-dev] OPTIONS
Suneel Papineni
Suneel.Papineni at mettoni.com
Fri Nov 20 03:15:08 PST 2009
Hi Anthony,
In case if an application is written to send continuous messages to FS,
how to stop responding to that IP or stop messages reaching to FS from
that IP. (like a DoS attack). Is there any provision at FS or do we need
to take care at network router level with firewall configured properly.
Thanks
Suneel
From: freeswitch-dev-bounces at lists.freeswitch.org
[mailto:freeswitch-dev-bounces at lists.freeswitch.org] On Behalf Of
Anthony Minessale
Sent: 19 November 2009 15:24
To: freeswitch-dev at lists.freeswitch.org
Subject: Re: [Freeswitch-dev] OPTIONS
You cant block options but you can block new invites with "fsctl pause"
That would cause the calls to fail over to the2nd route at least until
the current calls are over.
That is the only solution there is no way to not reply to options and
there is nothing we can do to make that possible as it's a violation of
the SIP spec. you would have to use a sip router like openser for that.
On Thu, Nov 19, 2009 at 8:45 AM, Suneel Papineni
<Suneel.Papineni at mettoni.com> wrote:
Thanks Bret, but unfortunately I didn't have control on Gateway because
it is a 3rd party (Except for adding primary and secondary FS IP
addresses). So I need to do something at FS end only.
-----Original Message-----
From: freeswitch-dev-bounces at lists.freeswitch.org
[mailto:freeswitch-dev-bounces at lists.freeswitch.org] On Behalf Of
Trixter aka Bret McDanel
Sent: 19 November 2009 13:44
To: freeswitch-dev at lists.freeswitch.org
Subject: Re: [Freeswitch-dev] OPTIONS
On Thu, 2009-11-19 at 13:23 +0000, Suneel Papineni wrote:
> So is there anyway to instruct FS (through event sockets), not to
> respond to OPTIONS message received from the GW.
I would think that adding code to do that would cause some breakage.
The better solution would be to have a trigger on your gateway to tell
it to fail all calls over.
If you did an ACL or packet filter or anything else, important messages
may be lost. The exception would be if it does OPTIONS to a different
port and you block that port only, so normal sip traffic goes through
but the ping is stopped. This would be to a 2nd profile but the same
instance of freeswitch, so it should work the same in terms of
availability.
You could modify sofia so that it could block this, but I do not think
that it would be committed as a result you would have to maintain this
out of tree. I could be wrong, it might get committed, but given that
there are other solutions, and this one has some potential to create
headaches for others I do not believe that it would.
>
--
Trixter http://www.0xdecafbad.com Bret McDanel
pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721
_______________________________________________
FreeSWITCH-dev mailing list
FreeSWITCH-dev at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
http://www.freeswitch.org
************************************************************************
*
Please consider the environment before printing this e-mail
************************************************************************
*
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager. http://www.mettoni.com
Mettoni Ltd
Registered in England and Wales: 4485956
9400 Garsington Road, Oxford Business Park, Oxford, OX4 2HN
************************************************************************
*
_______________________________________________
FreeSWITCH-dev mailing list
FreeSWITCH-dev at lists.freeswitch.org
http://lists.freeswitch.org/mailman/listinfo/freeswitch-dev
UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-dev
http://www.freeswitch.org
--
Anthony Minessale II
FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/
Twitter: http://twitter.com/FreeSWITCH_wire
AIM: anthm
MSN:anthony_minessale at hotmail.com
<mailto:MSN%3Aanthony_minessale at hotmail.com>
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com
<mailto:PAYPAL%3Aanthony.minessale at gmail.com>
IRC: irc.freenode.net #freeswitch
FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org
<mailto:sip%3A888 at conference.freeswitch.org>
iax:guest at conference.freeswitch.org/888
googletalk:conf+888 at conference.freeswitch.org
<mailto:googletalk%3Aconf%2B888 at conference.freeswitch.org>
pstn:213-799-1400
*************************************************************************
Please consider the environment before printing this e-mail
*************************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager. http://www.mettoni.com
Mettoni Ltd
Registered in England and Wales: 4485956
9400 Garsington Road, Oxford Business Park, Oxford, OX4 2HN
*************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-dev/attachments/20091120/12471920/attachment.html
More information about the FreeSWITCH-dev
mailing list