Hi Everyone ,
We have now all our SIP traffic written into a log file so sockets are no
longer required .
1 particular rule that we want to enforce is , if more than 1 SIP message of
type: INVITE with different FROM but same TO number (or request URI) is found
without the corresponding BYE (with the matching call-ID), then subsequent
calls should be seen as fraudulent and blocked . We know how to disconnect a
call in real time if the callID is provided. What would be the best way to
implement such rule with SEC?
a SIP module would be an amazing addition to SEC .. thank you
________________________________
De : Risto Vaarandi <risto.vaara...@seb.ee>
À : simple-evcorr-users@lists.sourceforge.net
Envoyé le : Vendredi 30 Décembre 2011 10h29
Objet : Re: [Simple-evcorr-users] Re : SEC & unix sockets
On 12/29/2011 11:57 PM, sylver_b wrote:
> Hi Everyone ,
>
> that's very good feedback and socat sounds good .. we'll see how far it
> gets us .
>
> thank you
>
...and also, here are couple of posts from the mailing list which
illustrate how to integrate Perl code snippets into SEC rulesets:
http://sourceforge.net/mailarchive/message.php?msg_id=27258102
http://sourceforge.net/mailarchive/message.php?msg_id=27081155
regards,
risto
> ------------------------------------------------------------------------
> *De :* Risto Vaarandi <risto.vaara...@gmail.com>
> *À :* rou...@ieee.org
> *Cc :* simple-evcorr-users@lists.sourceforge.net
> *Envoyé le :* Mercredi 28 Décembre 2011 21h53
> *Objet :* Re: [Simple-evcorr-users] SEC & unix sockets
>
> 2011/12/28 John P. Rouillard <rou...@cs.umb.edu <mailto:rou...@cs.umb.edu>>:
> >
> > In message <4efb49c8.30...@seb.ee <mailto:4efb49c8.30...@seb.ee>>,
> > Risto Vaarandi writes:
> >>On 12/28/2011 05:05 PM, sylver_b wrote:
> >>> Basically , we are running a voip peering service but have to face
> fraud
> >>> on a daily basis. We tried to imagine all sort of ways to detect/stop
> >>> fraudsters (ie: account age vs total active calls, account age vs
> >>> purchase frequency, etc.. ) . SEC comes handy as adding
rules should be
> >>> a lot easier . However, we can only find active calls by connecting
> to a
> >>> unix socket - this is an output sample :
> >>> [...]
> >>> How could we continuously listen to unix sockets with SEC as calls come
> >>> in and achieve the following :
> >>
> >>I think the best way of getting data from UNIX socket would be a small
> >>Perl program which would read the socket and print received events as
> >>lines to standard output. If SEC starts this program at its startup with
> >>'spawn' action, it will be able to receive events from the socket.
> >>Another approach would be to let the program write into a file, and
> >>configure the file as input source with --input option.
>
>
> > Also you could use netcat (nc) or socat with appropriate arguments to
> > conect to the socket and transfer the data to stdout rather than
> > writing a perl script.
> >
> > I would not suggest using telnet to do this, it can sort of work but
> > you will occasional get odd behavior which is less likely with
> > socat/netcat.
> >
> > So a spawn command that runs:
> >
> > nc ip_addr port
> >
> > will take the data from a tcp socket at ip_addr:port and send it to
> > stdout (and into SEC).
> >
>
> That's indeed a much better way than having a small perl script :)
> risto
>
> ------------------------------------------------------------------------------
> Ridiculously easy VDI. With Citrix
VDI-in-a-Box, you don't need a complex
> infrastructure or vast IT resources to deliver seamless, secure access to
> virtual desktops. With this all-in-one solution, easily deploy virtual
> desktops for less than the cost of PCs and save 60% on VDI infrastructure
> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> <mailto:Simple-evcorr-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>
>
>
>
> ------------------------------------------------------------------------------
> Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
> infrastructure or vast IT resources to deliver seamless, secure access to
> virtual desktops. With this all-in-one solution, easily deploy virtual
> desktops for less than the cost of PCs and save 60% on VDI infrastructure
> costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
>
>
>
> _______________________________________________
> Simple-evcorr-users mailing list
> Simple-evcorr-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual
desktops for less than the cost of PCs and save 60% on VDI infrastructure
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
------------------------------------------------------------------------------
Try before you buy = See our experts in action!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
