Hi,
Am having a problem with someone trying to use my opensips to relay calls.
Below is a snippet of my log file
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_msg: SIP Request:
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_msg: method: <REGISTER>
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_msg: uri: <sip:sip.persiantools.com>
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_msg: version: <SIP/2.0>
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_headers: flags=2
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_via_param: found param type 232, <branch> =
<z9hG4bK29073721>; state=6
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_via_param: found param type 235, <rport> = <n/a>; state=17
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_via: end of header reached, state=5
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_headers: via found, flags=2
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_headers: this is the first via
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:receive_msg: After parse_msg...
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:receive_msg: preparing to run routing scripts...
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_headers: flags=100
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_to: end of header reached, state=10
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_to: display={},
ruri={sip:49...@sip.persiantools.com<sip%3a49...@sip.persiantools.com>
}
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:get_hdr_field: <To> [34];
uri=[sip:49...@sip.persiantools.com<sip%3a49...@sip.persiantools.com>
]
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:get_hdr_field: to body
[<sip:49...@sip.persiantools.com<sip%3a49...@sip.persiantools.com>
>
]
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:get_hdr_field: cseq <CSeq>: <22695> <REGISTER>
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:maxfwd:is_maxfwd_present: value = 70
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:uri:has_totag: no totag
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_headers: flags=78
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:tm:t_lookup_request: start searching: hash=51210, isACK=0
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:tm:matching_3261: RFC3261 transaction matching failed
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:tm:t_lookup_request: no transaction found
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:parse_headers: flags=200
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:get_hdr_field: content_length=0
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:get_hdr_field: found end of header
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:rr:find_first_route: No Route headers found
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:rr:loose_route: There is no Route HF
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:grep_sock_info: checking if host==us: 20==13 && [
sip.persiantools.com] == [72.55.133$
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:grep_sock_info: checking if port 5060 matches port 5060
Oct 8 08:50:32 CL-T020-483CL /usr/local/sbin/opensips[4680]:
DBG:core:check_self: host != me
As you can see am getting Register requests from
sip:49...@sip.persiantools.com <sip%3a49...@sip.persiantools.com>. What I
wanted to know, how do I block all requests from sip.persiantools.com? Do I
use the userblacklist module? I tried doing that but my problem is that the
database entry requires a prefix, since I want to block all requests from
that specific domain how do I go around it? Or conversely how do I make a
configuration that only allows requests from a specific domain? Any help
would be highly appreaciated.
regards,
James
.
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
