On Fri, Sep 16, 2016 at 07:54:20AM +0100, Eric Koome wrote:
> Hi all - my Kamailio - 4.1.6 is receiving this particular structured
> INVITES from multiple IPs, and for some reason it is not requesting
> authentication. I have AUTH & IPAUTH modules in use for two years now,
> but this is bypassing that and actually forwarding the invite to
> asterisk servers behind Kamailio.
> I notice from the invite that the contact (c=IN IP4 10.10.10.10) is
> unusual and in the private range. Is this what is bypassing
Depends on what you are doing to authenticate, but normally you wouldn't
use SDP body stuff for authentication. So it's unlikely.
> Any Pointers on how to stop this. This is flooding my boxes!
Take a look at pike
or maybe (never used it so far) pipelimit
BTW for me all INVITEs for numbers starting with 9 indicate to toll
fraud. You might want to setup a honeypot and create a blocklist of IPs
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list