On Fri, Sep 16, 2016 at 07:54:20AM +0100, Eric Koome wrote: > Hi all - my Kamailio - 4.1.6 is receiving this particular structured > INVITES from multiple IPs, and for some reason it is not requesting > authentication. I have AUTH & IPAUTH modules in use for two years now, > but this is bypassing that and actually forwarding the invite to > asterisk servers behind Kamailio. > I notice from the invite that the contact (c=IN IP4 10.10.10.10) is > unusual and in the private range. Is this what is bypassing > Authentication?
Depends on what you are doing to authenticate, but normally you wouldn't use SDP body stuff for authentication. So it's unlikely. > Any Pointers on how to stop this. This is flooding my boxes! Take a look at pike http://kamailio.org/docs/modules/stable/modules/pike.html or maybe (never used it so far) pipelimit http://kamailio.org/docs/modules/stable/modules/pipelimit.html BTW for me all INVITEs for numbers starting with 9 indicate to toll fraud. You might want to setup a honeypot and create a blocklist of IPs _______________________________________________ SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list sr-users@lists.sip-router.org http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users