[OpenSIPS-Users] bad message

Bogdan-Andrei Iancu bogdan at opensips.org
Mon Dec 9 07:43:16 UTC 2024 

Hi,

Unfortunately the error route is not triggered for such early errors 
(only after hitting the script). The only module being able to help here 
is the pike module - it "sees" these errors and count them (when you use 
the module with the route, not with script function). If there are 
enough hits, the src IP will be reported. If too few hits, as Alex said, 
don't bother with it :)

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
   https://www.siphub.com

On 08.12.2024 20:21, APach via Users wrote:
> It looks like a new way to hijack the system.
>
> Come from around 75 different IP addresses.
>
>
>
>
> _______________________________
>  Best Regards Andriy Pachkovskyy
>  Mob. tel. +48504122924
>  Mob. tel. +380679421834
>  Sip tel.   220000 at lviv-ua.com
>  Email:    apach at lviv-ua.com
>  Jabber:  apach at lviv-ua.com
>
>
> On Sun, 8 Dec 2024 13:09:58 -0500 Alex Balashov 
> <abalashov at evaristesys.com>
>  wrote:
>  Hello,
>
>  It's not clear that OpenSIPS really requires 'protection' from 
> malformed SIP messages. They don't do any obvious harm.
>
>  More generally, there's no way to use the parser to validate SIP 
> messages for morphological correctness without... using the
> parser to validate them. How would you know if they're bad messages "a 
> priori"?
>
>  If your goal is to block source IPs which generate a large amount of 
> these invalid messages, that's another matter. A log
> analysis-triggered automatic firewalling tool such as Fail2ban[1], 
> perhaps in concert with a system like APIBAN, might be your
> best bet.
>
>  -- Alex
>
>  [1] https://github.com/fail2ban/fail2ban
>
>> On Dec 8, 2024, at 1:06 pm, APach via Users 
>> <users at lists.opensips.org> wrote:
>>
>> Dear Team.
>>
>> How to protect the server from messages like this & how to block them?
>>
>>
>> Dec  8 19:45:40 mx [1279]: INFO:core:parse_first_line: method not 
>> followed by SP
>> Dec  8 19:45:40 mx [1279]: INFO:core:parse_first_line: bad message
>> Dec  8 19:45:40 mx [1279]: ERROR:core:parse_msg: 
>> message=<S.#002O#033`\G#031W#003RYRSZTT#014-#020C3#017\#013k\G-X#032SZin:E6T#0349&u#013yO`M[#015^#036 at mzKXW#022#005/,Y#011#025GD[}#007">
>> Dec  8 19:45:40 mx /usr/sbin/opensips[1279]: ERROR:core:receive_msg: 
>> Unable to parse msg received from [147.45.78.98:11072]
>>
>>
>>
>>
>> _______________________________
>> Best Regards Andriy Pachkovskyy
>> Mob. tel. +48504122924
>> Mob. tel. +380679421834
>> Sip tel.   220000 at lviv-ua.com
>> Email:    apach at lviv-ua.com
>> Jabber:  apach at lviv-ua.com
>> <ps-error2024-12-08 
>> 19-57-31.png>_______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>  --
>  Alex Balashov
>  Principal Consultant
>  Evariste Systems LLC
>  Web: https://evaristesys.com
>  Tel: +1-706-510-6800
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

More information about the Users mailing list