[OpenSIPS-Users] Unregistered Calls

Rodrigo Ferreira rodrigo.ferreira at vipway.net.br
Fri Aug 26 18:27:32 CEST 2011


Hi,

I have that, because I'm using the default script, with mysql 
authentication. I dont know why, just with a dial to a 
"number at OpensipsServer" from my asterisk, the call is been completed passing 
through my Opensips, it shouldn't be completed.

> Hello,
>
> Are you not authorising all the calls against your subscriber table ?
> Check out the proxy_authorize [1] function exported by the auth_db module. 
> There is also a very good example of how to do this in the OpenSIPS 
> default config.
>
> In short, you can do the following :
>     if (!(method=="REGISTER") && from_uri==myself) /*no multidomain 
> version*/
>     #if (!(method=="REGISTER") && is_from_local())  /*multidomain 
> version*/
>     {
>             if (!proxy_authorize("", "subscriber")) {
>                 proxy_challenge("", "0");
>                 exit;
>             }
>
>             if (!db_check_from()) {
>                 sl_send_reply("403","Forbidden auth ID");
>                 exit;
>             }
>
>             consume_credentials();
>             # caller authenticated
>     }
>
>
> [1] http://www.opensips.org/html/docs/modules/devel/auth_db.html#id250381
>
> Vlad Paiu
> OpenSIPS Developer
>
>
> On 08/26/2011 05:38 PM, Rodrigo Ferreira wrote:
>>> Hi,
>>>
>>>>
>>>> I see ...
>>>>
>>>> So, how can I block or log those unauthorized calls?
>>>>
>>>> Because I'm trying to test a scenario where my Opensips is under 
>>>> attack, so all the calls are being make from a unauthorized host, and I 
>>>> wanna log this ..
>>>>
>>>
>>> Well, if they've got the right credentials then they could be legit 
>>> calls.
>>>
>>> You can use the permissions module to check the source IP address, the 
>>> pike module to check if you are getting flooded, the dialog module to 
>>> control simultaneous calls, etc.
>>>
>>>
>>> Regards,
>>>
>>> -- 
>>> Saúl Ibarra Corretgé
>>> AG Projects
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>
>>
>> Hi again ..
>>
>> I ran a few tests this morning, using an Asterisk to generate calls 
>> through my Opensips.
>>
>> The Asterisk wasnt authorized to place calls, since that it never sent to 
>> my Opensips the authorized credentials, but it was able to send calls to 
>> pstn, without get blocked.
>>
>> There's any way to block that? Because if I have a phone provider, only 
>> my registered costumers can be able to place calls through my Opensips.
>>
>>
>> Thanks
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> 



More information about the Users mailing list