Hi list, does anyone have an experience of using Intrusion Detection/Prevention Systems with/for OpenSIPS? I mean Suricata [1], to be more precise.
There may be two approaches: running Suricata on the same server as OpenSIPS, or running it on a separate server to which the VoIP traffic is mirrored (or on the gateway which is in the OpenSIPS server's traffic path). My case is running IDS/IPS on the same server. The server itself is open to the whole world, as it serves REGISTER requests from tens of thousands of mobile devices.

And here's the question: do I really need to use IDS/IPS, or is it enough to configure OpenSIPS, as it has modules like pike and ratelimit, can count (un)successful requests and can detect user-agents like those used by sipp, sipvicious and other SIP scanners?

The question appeared after grep'ing some keywords in the Suricata rules and looking at the log messages they generate:

grep -i voip /var/lib/suricata/rules/suricata.rules - https://pastebin.com/EXanpJn1
grep -i sip /var/lib/suricata/rules/suricata.rules - https://pastebin.com/ih5rA5fz

[1] https://suricata.io/

--
best regards,
Alexey
https://alexeyka.zantsev.com/
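As an added illustration of the OpenSIPS-side alternative the post asks about (not code from the post or from the OpenSIPS project), the fragment below uses the pike and ratelimit modules together with a User-Agent check in front of the REGISTER path. It assumes OpenSIPS 3.x script syntax; the pipe name, thresholds and the user-agent pattern are constructed values to be tuned per deployment.

```cfg
# pike: per-source-IP flood detection (thresholds are constructed examples)
loadmodule "pike.so"
modparam("pike", "sampling_time_unit", 2)      # seconds per sampling window
modparam("pike", "reqs_density_per_unit", 16)  # requests per window before blocking
modparam("pike", "remove_latency", 120)        # seconds a blocked IP stays blocked

# ratelimit: global ceiling on how many REGISTERs per second reach auth
loadmodule "ratelimit.so"
modparam("ratelimit", "default_algorithm", "TAILDROP")

route {
    # Drop sources that exceed the pike density; no reply so scanners get no feedback
    if (!pike_check_req()) {
        xlog("L_WARN", "pike: flood from $si:$sp, dropping\n");
        exit;
    }

    # Scanner fingerprints by User-Agent; "friendly-scanner" is SIPVicious's
    # default UA. The list is a constructed example, not a complete one.
    if ($ua =~ "friendly-scanner|sipvicious|sipcli|sipp") {
        xlog("L_WARN", "scanner UA '$ua' from $si:$sp, dropping\n");
        exit;
    }

    if (is_method("REGISTER")) {
        # Cap REGISTERs at 50/s across all sources; excess gets 503 (limit is a constructed value)
        if (!rl_check("reg_pipe", 50, "TAILDROP")) {
            xlog("L_NOTICE", "REGISTER rate limit hit, source $si\n");
            send_reply(503, "Service Unavailable");
            exit;
        }
        # ... authentication and registrar handling continue here
    }
}
```

The xlog lines give a log trail that a host IDS or SIEM can correlate with, which is the overlap with Suricata the post is weighing.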