[Freeswitch-users] Is there a way for FS not to send back any response to INVITE

[Michael Jerris]

If you want to do this, put a proxy out in front... Doing it in freeswitch would require a complete rewrite of the sip module.

> On Jun 1, 2016, at 4:05 PM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
> 
> Thanks guys!  IP tables is how we block most traffic but we can only block traffic by port.  In this case it's about invalid INVITES coming in on a valid port.
> 
> Do you think this functionality would be useful?  
> Is it worth opening a feature request and perhaps putting a bounty on it?  
> Any idea of the effort?
> 
> On Wed, Jun 1, 2016 at 1:00 PM, Michael Jerris <mike at jerris.com <mailto:mike at jerris.com>> wrote:
> The only way with our current sip module to accomplish either of these would be to put a sip proxy out front to handle that behavior, or to somehow use iptables to block the traffic
> 
>> On Jun 1, 2016, at 3:40 PM, Oleg Stolyar <olegstolyar at gmail.com <mailto:olegstolyar at gmail.com>> wrote:
>> 
>> Hi,
>> 
>> In order to protect against scanning attacks I'd like for FS to not respond to INVITES unless they match certain conditions.  
>> 
>> I understand that currently FS always responds with 100 Trying right away before processing the call and then, if the call does not match anything in the dialplan, responds with a 302 Moved Temporarily.
>> 
>> The 302 can be replaced with another response code (for example 403 Forbidden which is what I am doing now) using the respond dialplan app.   However, that might encourage the scanner to keep trying.
>> 
>> So I guess there are two questions:
>> 
>> 1. Is there a way not to send back 100 Trying at all?
>> 
>> 2. Is there a way to not send any final response?
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160601/1036a927/attachment.html