Hi there, I am investigating OpenSIPS for use in my company's VOIP network. I'm wondering if I could get a little advice on a design I am considering?
The problem: We currently have a VOIP network built around a propriety SIP proxy which we are discovering appears to have a number of security weaknesses. The most significant of these is it's inability to tear down calls in progress once a user's balance has hit zero and having no ability to limit the channels that a user has open. This could potentially cripple our business due to the losses we are experiencing from fraud. A very early draft of my solution: I have noticed the OpenSIPS module userblacklist ( http://www.opensips.org/html/docs/modules/1.6.x/userblacklist.html ) and believe that this could solve our problems. I have other code running elsewhere on our network which is able to identify fraudulent calls - I just need a way of killing said calls and stopping the fraud in progress. It seems with this module I could call a web service on the OpenSIPS server, add and remove SIP uris from the blacklist database table and then call the module MI function via XML-RPC to update the list and cut off the call. (At least I am hoping it could do this - can the blacklist block calls in progress?) Assuming the userblacklist module will do what I hope, I have a question about how to slot the OpenSIPS server into our network. In an ideal world, I would run the OpenSIPS server in stateless mode so that is scales well, and do nothing more with the SIP traffic apart from forward on non-blocked calls to our existing propriety SIP proxy and block banned SIP uris from progressing any further. The main question I have is can the userblacklist module be run in stateless mode and is it possible for OpenSIPS to forward on traffic to another SIP proxy for registration. In effect I guess I am trying to build some kind of SIP firewall out of OpenSIPS but I don't know if this is possible. Any advice / constructive criticism from the knowledgeable people on this list would be massively appreciated! Sincerely, Dan. (If it's okay I will keep my surname and company name anonymous due to the public nature of this list and the fraud problems that we have been experiencing.)
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
