[Freeswitch-users] Is there a way for FS not to send back any response to INVITE
Jurijs Ivolga
jurijs.ivolga at gmail.com
Thu Jun 2 00:26:48 MSD 2016
Hi Oleg,
With iptables you can block based on what is inside SIP packet(off cause if
you are not using TLS), take a look on link below:
http://www.bertera.it/index.php/2014/01/22/sip-facket-filtering-with-iptables/
It is not best way to achieve what you need, cause as far as I know it is
resource consuming operations. Best way will be to use Kamailio as SIP
proxy in front.
With kind regards,
Jurijs
On Wed, Jun 1, 2016 at 11:05 PM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
> Thanks guys! IP tables is how we block most traffic but we can only block
> traffic by port. In this case it's about invalid INVITES coming in on a
> valid port.
>
> Do you think this functionality would be useful?
> Is it worth opening a feature request and perhaps putting a bounty on it?
> Any idea of the effort?
>
> On Wed, Jun 1, 2016 at 1:00 PM, Michael Jerris <mike at jerris.com> wrote:
>
>> The only way with our current sip module to accomplish either of these
>> would be to put a sip proxy out front to handle that behavior, or to
>> somehow use iptables to block the traffic
>>
>> On Jun 1, 2016, at 3:40 PM, Oleg Stolyar <olegstolyar at gmail.com> wrote:
>>
>> Hi,
>>
>> In order to protect against scanning attacks I'd like for FS to not
>> respond to INVITES unless they match certain conditions.
>>
>> I understand that currently FS always responds with 100 Trying right away
>> before processing the call and then, if the call does not match anything in
>> the dialplan, responds with a 302 Moved Temporarily.
>>
>> The 302 can be replaced with another response code (for example 403
>> Forbidden which is what I am doing now) using the *respond* dialplan
>> app. However, that might encourage the scanner to keep trying.
>>
>> So I guess there are two questions:
>>
>> 1. Is there a way not to send back 100 Trying at all?
>>
>> 2. Is there a way to not send any final response?
>>
>>
>>
>> _________________________________________________________________________
>> Professional FreeSWITCH Consulting Services:
>> consulting at freeswitch.org
>> http://www.freeswitchsolutions.com
>>
>> Official FreeSWITCH Sites
>> http://www.freeswitch.org
>> http://confluence.freeswitch.org
>> http://www.cluecon.com
>>
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>>
>
>
> _________________________________________________________________________
> Professional FreeSWITCH Consulting Services:
> consulting at freeswitch.org
> http://www.freeswitchsolutions.com
>
> Official FreeSWITCH Sites
> http://www.freeswitch.org
> http://confluence.freeswitch.org
> http://www.cluecon.com
>
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20160601/ff51e6a0/attachment-0001.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list