[OpenSIPS-Users] bad message

APach apach at lviv-ua.com
Sun Dec 8 18:21:30 UTC 2024 

It looks like a new way to hijack the system.

Come from around 75 different IP addresses.




_______________________________
  Best Regards Andriy Pachkovskyy
  Mob. tel. +48504122924
  Mob. tel. +380679421834
  Sip tel.   220000 at lviv-ua.com
  Email:    apach at lviv-ua.com
  Jabber:  apach at lviv-ua.com


On Sun, 8 Dec 2024 13:09:58 -0500 Alex Balashov <abalashov at evaristesys.com>
  wrote:
  Hello,
  
  It's not clear that OpenSIPS really requires 'protection' from malformed SIP messages. They don't do any obvious harm.
  
  More generally, there's no way to use the parser to validate SIP messages for morphological correctness without... using the
parser to validate them. How would you know if they're bad messages "a priori"?
  
  If your goal is to block source IPs which generate a large amount of these invalid messages, that's another matter. A log
analysis-triggered automatic firewalling tool such as Fail2ban[1], perhaps in concert with a system like APIBAN, might be your
best bet.
  
  -- Alex
  
  [1] https://github.com/fail2ban/fail2ban
  
> On Dec 8, 2024, at 1:06 pm, APach via Users <users at lists.opensips.org> wrote:
> 
> Dear Team.
> 
> How to protect the server from messages like this & how to block them?
> 
> 
> Dec  8 19:45:40 mx [1279]: INFO:core:parse_first_line: method not followed by SP
> Dec  8 19:45:40 mx [1279]: INFO:core:parse_first_line: bad message
> Dec  8 19:45:40 mx [1279]: ERROR:core:parse_msg: 
>message=<S.#002O#033`\G#031W#003RYRSZTT#014-#020C3#017\#013k\G-X#032SZin:E6T#0349&u#013yO`M[#015^#036 at mzKXW#022#005/,Y#011#025GD[}#007">
> Dec  8 19:45:40 mx /usr/sbin/opensips[1279]: ERROR:core:receive_msg: Unable to parse msg received from [147.45.78.98:11072]
> 
> 
> 
> 
> _______________________________
> Best Regards Andriy Pachkovskyy
> Mob. tel. +48504122924
> Mob. tel. +380679421834
> Sip tel.   220000 at lviv-ua.com
> Email:    apach at lviv-ua.com
> Jabber:  apach at lviv-ua.com
> <ps-error2024-12-08 19-57-31.png>_______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
  
  --
  Alex Balashov
  Principal Consultant
  Evariste Systems LLC
  Web: https://evaristesys.com
  Tel: +1-706-510-6800

More information about the Users mailing list