[OpenSIPS-Users] IDS/IPS integration

Alexey slackway2me at gmail.com
Wed Oct 8 08:28:12 UTC 2025


Hi list,

does anyone have experience using Intrusion Detection/Prevention Systems
with/for OpenSIPS? I mean Suricata [1], to be more precise.

There may be two approaches - running Suricata on the same server as OpenSIPS,
or running it on a separate server to which the VoIP traffic is mirrored
(or on the gateway which is in the OpenSIPS server traffic path).

My case is running IDS/IPS on the same server.
The server itself is open to the whole world, as it serves REGISTER requests
from tens of thousands of mobile devices.

And here's the question - do I really need to use IDS/IPS, or is it
enough to configure OpenSIPS, as it has modules like pike and ratelimit,
can count (un)successful requests and detect user-agents like those used
by sipp, sipvicious and other SIP scanners?

The question came up after grep'ing some keywords in the Suricata rules
and looking at the log messages they generate:

  grep -i voip /var/lib/suricata/rules/suricata.rules - https://pastebin.com/EXanpJn1
  grep -i sip /var/lib/suricata/rules/suricata.rules - https://pastebin.com/ih5rA5fz


[1] https://suricata.io/

-- 
best regards, Alexey
https://alexeyka.zantsev.com/


