[OpenSIPS-Users] Unregistered Calls
Vlad Paiu
vladpaiu at opensips.org
Fri Aug 26 17:14:12 CEST 2011
Hello,
Are you not authorising all the calls against your subscriber table ?
Check out the proxy_authorize [1] function exported by the auth_db
module. There is also a very good example of how to do this in the
OpenSIPS default config.
In short, you can do the following :
if (!(method=="REGISTER") && from_uri==myself) /*no multidomain
version*/
#if (!(method=="REGISTER") && is_from_local()) /*multidomain version*/
{
if (!proxy_authorize("", "subscriber")) {
proxy_challenge("", "0");
exit;
}
if (!db_check_from()) {
sl_send_reply("403","Forbidden auth ID");
exit;
}
consume_credentials();
# caller authenticated
}
[1] http://www.opensips.org/html/docs/modules/devel/auth_db.html#id250381
Vlad Paiu
OpenSIPS Developer
On 08/26/2011 05:38 PM, Rodrigo Ferreira wrote:
>> Hi,
>>
>>>
>>> I see ...
>>>
>>> So, how can I block or log those unauthorized calls?
>>>
>>> Because I'm trying to test a scenario where my Opensips is under
>>> attack, so all the calls are being make from a unauthorized host,
>>> and I wanna log this ..
>>>
>>
>> Well, if they've got the right credentials then they could be legit
>> calls.
>>
>> You can use the permissions module to check the source IP address,
>> the pike module to check if you are getting flooded, the dialog
>> module to control simultaneous calls, etc.
>>
>>
>> Regards,
>>
>> --
>> Saúl Ibarra Corretgé
>> AG Projects
>>
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
> Hi again ..
>
> I ran a few tests this morning, using an Asterisk to generate calls
> through my Opensips.
>
> The Asterisk wasnt authorized to place calls, since that it never sent
> to my Opensips the authorized credentials, but it was able to send
> calls to pstn, without get blocked.
>
> There's any way to block that? Because if I have a phone provider,
> only my registered costumers can be able to place calls through my
> Opensips.
>
>
> Thanks
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
More information about the Users
mailing list