Hi,

Unfortunately the error route is not triggered for such early errors (only after hitting the script). The only module able to help here is the pike module - it "sees" these errors and counts them (when you use the module with the route, not with script function). If there are enough hits, the src IP will be reported. If too few hits, as Alex said, don't bother with it :)

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
  https://www.opensips-solutions.com
  https://www.siphub.com

On 08.12.2024 20:21, APach via Users wrote:
It looks like a new way to hijack the system.

Come from around 75 different IP addresses.




_______________________________
 Best Regards Andriy Pachkovskyy
 Mob. tel. +48504122924
 Mob. tel. +380679421834
 Sip tel.   220...@lviv-ua.com
 Email:    ap...@lviv-ua.com
 Jabber:  ap...@lviv-ua.com


On Sun, 8 Dec 2024 13:09:58 -0500 Alex Balashov <abalas...@evaristesys.com> wrote:
 Hello,

 It's not clear that OpenSIPS really requires 'protection' from malformed SIP messages. They don't do any obvious harm.

 More generally, there's no way to use the parser to validate SIP messages for morphological correctness without... using the parser to validate them. How would you know if they're bad messages "a priori"?

 If your goal is to block source IPs which generate a large amount of these invalid messages, that's another matter. A log analysis-triggered automatic firewalling tool such as Fail2ban[1], perhaps in concert with a system like APIBAN, might be your best bet.

 -- Alex

 [1] https://github.com/fail2ban/fail2ban

On Dec 8, 2024, at 1:06 pm, APach via Users <users@lists.opensips.org> wrote:

Dear Team.

How to protect the server from messages like this & how to block them?


Dec  8 19:45:40 mx [1279]: INFO:core:parse_first_line: method not followed by SP
Dec  8 19:45:40 mx [1279]: INFO:core:parse_first_line: bad message
Dec  8 19:45:40 mx [1279]: ERROR:core:parse_msg: message=<S.#002O#033`\G#031W#003RYRSZTT#014-#020C3#017\#013k\G-X#032SZin:E6T#0349&u#013yO`M[#015^#036@mzKXW#022#005/,Y#011#025GD[}#007">
Dec  8 19:45:40 mx /usr/sbin/opensips[1279]: ERROR:core:receive_msg: Unable to parse msg received from [147.45.78.98:11072]




_______________________________
Best Regards Andriy Pachkovskyy
Mob. tel. +48504122924
Mob. tel. +380679421834
Sip tel.   220...@lviv-ua.com
Email:    ap...@lviv-ua.com
Jabber:  ap...@lviv-ua.com
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

 --
 Alex Balashov
 Principal Consultant
 Evariste Systems LLC
 Web: https://evaristesys.com
 Tel: +1-706-510-6800
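
The approach discussed in this thread (act only on source IPs that produce many of these parse failures) can be sketched as log analysis. This is an added example, not code from the thread, OpenSIPS, pike or Fail2ban; the `offenders` function, the threshold of 5 hits within 60 seconds, the supplied year and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The receive_msg line from the thread carries the source as [IPv4:port].
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) .*"
    r"ERROR:core:receive_msg: Unable to parse msg received from "
    r"\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\]"
)

def offenders(lines, threshold=5, window=timedelta(seconds=60), year=2024):
    """Map each source IP that logged >= threshold parse failures inside one
    sliding window to its peak in-window count. Lines must be in time order;
    syslog timestamps have no year, so the caller supplies it (assumption)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue              # parse_first_line / parse_msg lines carry no IP
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # drop failures older than the window
        if len(hits) >= threshold:
            peak[m["ip"]] = max(peak.get(m["ip"], 0), len(hits))
    return peak

# Constructed sample in the format quoted in the thread (documentation IPs).
PREFIX = "mx /usr/sbin/opensips[1279]: ERROR:core:receive_msg: "
SAMPLE = ["Dec  8 19:45:40 mx [1279]: INFO:core:parse_first_line: bad message"]
SAMPLE += [
    f"Dec  8 19:45:{s} {PREFIX}Unable to parse msg received from [192.0.2.10:11072]"
    for s in range(40, 45)
]
SAMPLE += [
    f"Dec  8 {t} {PREFIX}Unable to parse msg received from [198.51.100.7:5060]"
    for t in ("19:46:10", "19:50:10")
]

if __name__ == "__main__":
    for ip, count in offenders(SAMPLE).items():
        print(f"{ip}: {count} unparseable messages within 60s")
```

Sources that stay under the threshold are left alone; the returned addresses are the candidates for the automatic firewalling step.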

