[OpenSIPS-Users] Unregistered Calls

Vlad Paiu vladpaiu at opensips.org
Fri Aug 26 17:14:12 CEST 2011 

Hello,

Are you not authorising all the calls against your subscriber table ?
Check out the proxy_authorize [1] function exported by the auth_db 
module. There is also a very good example of how to do this in the 
OpenSIPS default config.

In short, you can do the following :
     if (!(method=="REGISTER") && from_uri==myself) /*no multidomain 
version*/
     #if (!(method=="REGISTER") && is_from_local())  /*multidomain version*/
     {
             if (!proxy_authorize("", "subscriber")) {
                 proxy_challenge("", "0");
                 exit;
             }

             if (!db_check_from()) {
                 sl_send_reply("403","Forbidden auth ID");
                 exit;
             }

             consume_credentials();
             # caller authenticated
     }


[1] http://www.opensips.org/html/docs/modules/devel/auth_db.html#id250381

Vlad Paiu
OpenSIPS Developer


On 08/26/2011 05:38 PM, Rodrigo Ferreira wrote:
>> Hi,
>>
>>>
>>> I see ...
>>>
>>> So, how can I block or log those unauthorized calls?
>>>
>>> Because I'm trying to test a scenario where my Opensips is under 
>>> attack, so all the calls are being make from a unauthorized host, 
>>> and I wanna log this ..
>>>
>>
>> Well, if they've got the right credentials then they could be legit 
>> calls.
>>
>> You can use the permissions module to check the source IP address, 
>> the pike module to check if you are getting flooded, the dialog 
>> module to control simultaneous calls, etc.
>>
>>
>> Regards,
>>
>> -- 
>> Saúl Ibarra Corretgé
>> AG Projects
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
> Hi again ..
>
> I ran a few tests this morning, using an Asterisk to generate calls 
> through my Opensips.
>
> The Asterisk wasnt authorized to place calls, since that it never sent 
> to my Opensips the authorized credentials, but it was able to send 
> calls to pstn, without get blocked.
>
> There's any way to block that? Because if I have a phone provider, 
> only my registered costumers can be able to place calls through my 
> Opensips.
>
>
> Thanks
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

More information about the Users mailing list