[VoiceOps] SBC's that drop traffic based on domain

anorexicpoodle anorexicpoodle at gmail.com
Thu Jun 16 17:43:15 EDT 2011 

You should be able to facilitate this a few ways in the Acme, the first
and easiest would be to not configure a port with the IP in the sip
interface, and use only configure the domain name. The second would be
to use HMR to inspect the inbound packets and drop them. Im sure there
are other options as well.

On Thu, 2011-06-16 at 16:58 -0400, Chet Curry wrote:
>  
> 
>  
> 
> In an effort to mitigate DDOS attack’s I am trying to deny all traffic
> based on the request-uri host domain.  The reason being from what I
> see is “most” attacks are sent to the SBC’s IP address and does use
> the domain name.  When the proper domain is supplied I would like to
> allow that packet.  All other I will not respond to period.
> 
>  
> 
> Example of hacker Requet URI
> 
> Ex. INVITE sip100:199.44.55.22 SIP/2.0
> 
>  
> 
> Legit Request URI
> 
> Ex. INVITE sip:7724558787 at voip.myvoice.net SIP/2.0
> 
>  
> 
>  
> 
>  
> 
> I have tried to create an HMR on ACME with little success.  I can get
> the registers to not respond yet only if sip:199.44.55.22 is use.  If
> the attacker uses sip:100 at 199.44.55.22 the SBC still will respond with
> a 403. 
> 
> Besides that All invites are always responded to regardless even
> though the HMR(Header Manipulation) should be using Invite and
> registration meathods.
> 
>  
> 
> I have tried to get ACME to come up with a solution yet have been
> unsuccessful.  They will not even take my request for a feature
> enhancement.  
> 
>  
> 
> Has anyone had any successful experience at implementing this on any
> other SBC platform?  I know there are many ways to protect yourself
> from DDOS attacks yet  to me this is a simple first line of defense.
> 
>  
> 
>  
> 
> Description: signature2
> 
>  
> 
> 
> 
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20110616/c33ffae2/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 56691 bytes
Desc: image001.png
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20110616/c33ffae2/attachment-0001.png>

More information about the VoiceOps mailing list