Hi there,<div><br></div><div>I am investigating OpenSIPS for use in my company's VOIP network. I'm wondering if I could get a little advice on a design I am considering?</div><div><br></div><div>The problem:</div><div>
<br></div><div>We currently have a VOIP network built around a propriety SIP proxy which we are discovering appears to have a number of security weaknesses. The most significant of these is it's inability to tear down calls in progress once a user's balance has hit zero and having no ability to limit the channels that a user has open. This could potentially cripple our business due to the losses we are experiencing from fraud.</div>
<div><br></div><div>A very early draft of my solution:</div><div><br></div><div>I have noticed the OpenSIPS module userblacklist ( <a href="http://www.opensips.org/html/docs/modules/1.6.x/userblacklist.html">http://www.opensips.org/html/docs/modules/1.6.x/userblacklist.html</a> ) and believe that this could solve our problems. I have other code running elsewhere on our network which is able to identify fraudulent calls - I just need a way of killing said calls and stopping the fraud in progress. It seems with this module I could call a web service on the OpenSIPS server, add and remove SIP uris from the blacklist database table and then call the module MI function via XML-RPC to update the list and cut off the call. (At least I am hoping it could do this - can the blacklist block calls in progress?)</div>
<div><br></div><div>Assuming the userblacklist module will do what I hope, I have a question about how to slot the OpenSIPS server into our network. In an ideal world, I would run the OpenSIPS server in stateless mode so that is scales well, and do nothing more with the SIP traffic apart from forward on non-blocked calls to our existing propriety SIP proxy and block banned SIP uris from progressing any further.</div>
<div><br></div><div>The main question I have is can the userblacklist module be run in stateless mode and is it possible for OpenSIPS to forward on traffic to another SIP proxy for registration. In effect I guess I am trying to build some kind of SIP firewall out of OpenSIPS but I don't know if this is possible. Any advice / constructive criticism from the knowledgeable people on this list would be massively appreciated!</div>
<div><br></div><div>Sincerely,</div><div><br></div><div>Dan.</div><div><br></div><div>(If it's okay I will keep my surname and company name anonymous due to the public nature of this list and the fraud problems that we have been experiencing.)</div>
<meta http-equiv="content-type" content="text/html; charset=utf-8">