Re: [OpenSIPS-Users] bad message

Sun, 08 Dec 2024 10:25:34 -0800 

It looks like a new way to hijack the system.

Come from around 75 different IP addresses.




_______________________________
 Best Regards Andriy Pachkovskyy
 Mob. tel. +48504122924
 Mob. tel. +380679421834
 Sip tel.   [email protected]
 Email:    [email protected]
 Jabber:  [email protected]


On Sun, 8 Dec 2024 13:09:58 -0500 Alex Balashov <[email protected]>
 wrote:
 Hello,
It's not clear that OpenSIPS really requires 'protection' from malformed SIP messages. They don't do any obvious harm. More generally, there's no way to use the parser to validate SIP messages for morphological correctness without... using the 
parser to validate them. How would you know if they're bad messages "a priori"?
If your goal is to block source IPs which generate a large amount of these invalid messages, that's another matter. A log 
analysis-triggered automatic firewalling tool such as Fail2ban[1], perhaps in 
concert with a system like APIBAN, might be your
best bet.
-- Alex [1] https://github.com/fail2ban/fail2ban 
On Dec 8, 2024, at 1:06 pm, APach via Users <[email protected]> wrote:

Dear Team.

How to protect the server from messages like this & how to block them?


Dec  8 19:45:40 mx [1279]: INFO:core:parse_first_line: method not followed by SP
Dec  8 19:45:40 mx [1279]: INFO:core:parse_first_line: bad message
Dec 8 19:45:40 mx [1279]: ERROR:core:parse_msg: message=<S.#002O#033`\G#031W#003RYRSZTT#014-#020C3#017\#013k\G-X#032SZin:E6T#0349&u#013yO`M[#015^#036@mzKXW#022#005/,Y#011#025GD[}#007"> 
Dec  8 19:45:40 mx /usr/sbin/opensips[1279]: ERROR:core:receive_msg: Unable to 
parse msg received from [147.45.78.98:11072]




_______________________________
Best Regards Andriy Pachkovskyy
Mob. tel. +48504122924
Mob. tel. +380679421834
Sip tel.   [email protected]
Email:    [email protected]
Jabber:  [email protected]
<ps-error2024-12-08 19-57-31.png>_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-- 
 Alex Balashov
 Principal Consultant
 Evariste Systems LLC
 Web: https://evaristesys.com
 Tel: +1-706-510-6800

_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

Reply via email to