[OpenSIPS-Users] IDS/IPS integration
Bogdan-Andrei Iancu
bogdan at opensips.org
Tue Nov 11 11:06:24 UTC 2025
Hi Alexey,
There is no straight answer to your question. As I understand, Suricata
is more of a network-level tool. OpenSIPS also has tools, but more SIP /
application level (maybe excepting pike), as you already mentioned.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
https://www.siphub.com
On 08.10.2025 11:28, Alexey wrote:
> Hi list,
>
> does anyone have experience using Intrusion Detection/Prevention Systems
> with/for OpenSIPS? I mean Suricata [1], to be more precise.
>
> There may be two approaches - running Suricata on the same server as OpenSIPS,
> or running it on a separate server to which the VoIP traffic is mirrored
> (or on the gateway which is in the OpenSIPS server traffic path).
>
> My case is running IDS/IPS on the same server.
> The server itself is open to the whole world as it serves REGISTER requests
> from tens of thousands of mobile devices.
>
> And here's the question - do I really need to use IDS/IPS, or is it
> enough to configure OpenSIPS, as it has modules like pike, ratelimit,
> can count (un)successful requests and detect user-agents like those
> used by sipp, sipvicious and other sip-scanners?
>
> The question appeared after grep'ing some key words in Suricata rules
> and looking at log messages they generate:
>
> grep -i voip /var/lib/suricata/rules/suricata.rules - https://pastebin.com/EXanpJn1
> grep -i sip /var/lib/suricata/rules/suricata.rules - https://pastebin.com/ih5rA5fz
>
>
> [1] https://suricata.io/
>