[OpenSIPS-Users] Opensips security problem

James Mbuthia jmmbuthia at gmail.com
Fri Oct 8 17:12:28 CEST 2010


Thanks, will try it and get back to you.

james

On Fri, Oct 8, 2010 at 5:10 PM, Bogdan-Andrei Iancu
<bogdan at voice-system.ro> wrote:

> Hi James,
>
> Use the domain module to list in DB all your local domains and check in
> script if the domain in RURI is local or not. Use
>       http://www.opensips.org/html/docs/modules/1.6.x/domain.html#id227177
>
> If the domain is not local, reject the registration.
>
> Regards,
> Bogdan
>
> James Mbuthia wrote:
> > Hi,
> >
> > Am having a problem with someone trying to use my opensips to relay
> > calls. Below is a snippet of my log file
> >
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_msg: SIP Request:
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_msg:  method:  <REGISTER>
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_msg:  uri:     <sip:sip.persiantools.com>
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_msg:  version: <SIP/2.0>
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_headers: flags=2
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_via_param: found param type 232, <branch> =
> > <z9hG4bK29073721>; state=6
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_via_param: found param type 235, <rport> = <n/a>; state=17
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_via: end of header reached, state=5
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_headers: via found, flags=2
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_headers: this is the first via
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:receive_msg: After parse_msg...
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:receive_msg: preparing to run routing scripts...
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_headers: flags=100
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_to: end of header reached, state=10
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_to: display={}, ruri={sip:49102 at sip.persiantools.com}
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:get_hdr_field: <To> [34]; uri=[sip:49102 at sip.persiantools.com]
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:get_hdr_field: to body [<sip:49102 at sip.persiantools.com>
> >  ]
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:get_hdr_field: cseq <CSeq>: <22695> <REGISTER>
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:maxfwd:is_maxfwd_present: value = 70
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:uri:has_totag: no totag
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_headers: flags=78
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:tm:t_lookup_request: start searching: hash=51210, isACK=0
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:tm:matching_3261: RFC3261 transaction matching failed
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:tm:t_lookup_request: no transaction found
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:parse_headers: flags=200
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:get_hdr_field: content_length=0
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:get_hdr_field: found end of header
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:rr:find_first_route: No Route headers found
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:rr:loose_route: There is no Route HF
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:grep_sock_info: checking if host==us: 20==13 &&
> >  [sip.persiantools.com] == [72.55.133$
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:grep_sock_info: checking if port 5060 matches port 5060
> > Oct  8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
> > DBG:core:check_self: host != me
> >
> >
> >
> > As you can see, I am getting REGISTER requests
> > from sip:49102 at sip.persiantools.com. What I wanted to know: how
> > do I block all requests from sip.persiantools.com? Do I use the
> > userblacklist module? I tried doing that, but my problem is that the
> > database entry requires a prefix. Since I want to block all requests
> > from that specific domain, how do I go around it? Or conversely, how
> > do I make a configuration that only allows requests from a specific
> > domain? Any help would be highly appreciated.
> >
> > regards,
> > James
> >
> > .
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
>
>
> --
> Bogdan-Andrei Iancu
> OpenSIPS Bootcamp
> 15 - 19 November 2010, Edison, New Jersey, USA
> www.voice-system.ro
>
>
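
Bogdan's suggestion written out as a script fragment. This is an added example, not code from the thread or from the OpenSIPS project. It assumes OpenSIPS 1.6.x with a MySQL backend, local domains stored as rows in the domain module's `domain` table, and placeholder database credentials; the reply text is arbitrary.

```cfg
# Added example: fragment to merge into an existing opensips.cfg
# (listen addresses, mpath and the other modules stay as they are).

loadmodule "db_mysql.so"
loadmodule "sl.so"          # sl_send_reply(), sl_reply_error()
loadmodule "textops.so"     # is_method()
loadmodule "usrloc.so"
loadmodule "registrar.so"   # save()
loadmodule "domain.so"      # is_uri_host_local()

# Placeholder credentials: point this at the database holding the "domain" table.
modparam("domain", "db_url", "mysql://DBUSER:DBPASS@localhost/opensips")

route {
    if (is_method("REGISTER")) {
        # For REGISTER the Request-URI names the registrar domain. In the
        # log above it is sip.persiantools.com, which would not be a row
        # in the domain table, so the request is refused here.
        if (!is_uri_host_local()) {
            sl_send_reply("403", "Domain not served here");
            exit;
        }

        if (!save("location"))
            sl_reply_error();
        exit;
    }

    # ... rest of the existing routing logic ...
}
```

Because the check is an allow-list of served domains, it covers both questions in the original post: no per-domain block entry is needed, and only registrations for listed domains are accepted.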