[VoiceOps] SBC's that drop traffic based on domain

Brandon Buckner BrandonB at netins.com
Thu Jun 16 17:53:48 EDT 2011

How about using local-policy instead of HMR?

From-address *
To-address *@voip.myvoice.net<mailto:*@voip.myvoice.net>
                Next-hop            Softswitch

Realms, etc, would be pursuant to your needs, of course.

Brandon Buckner
Switching Technician / VoIP Admin
Iowa Network Services
brandonb at netins.com<mailto:brandonb at netins.com>

From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org] On Behalf Of Chet Curry
Sent: Thursday, June 16, 2011 3:58 PM
To: voiceops at voiceops.org
Subject: [VoiceOps] SBC's that drop traffic based on domain

In an effort to mitigate DDOS attack's I am trying to deny all traffic based on the request-uri host domain.  The reason being from what I see is "most" attacks are sent to the SBC's IP address and does use the domain name.  When the proper domain is supplied I would like to allow that packet.  All other I will not respond to period.

Example of hacker Requet URI
Ex. INVITE sip100: SIP/2.0

Legit Request URI
Ex. INVITE sip:7724558787 at voip.myvoice.net SIP/2.0

I have tried to create an HMR on ACME with little success.  I can get the registers to not respond yet only if sip: is use.  If the attacker uses sip:100 at the SBC still will respond with a 403.
Besides that All invites are always responded to regardless even though the HMR(Header Manipulation) should be using Invite and registration meathods.

I have tried to get ACME to come up with a solution yet have been unsuccessful.  They will not even take my request for a feature enhancement.

Has anyone had any successful experience at implementing this on any other SBC platform?  I know there are many ways to protect yourself from DDOS attacks yet  to me this is a simple first line of defense.

[cid:image003.png at 01CC2C44.F5FE8C40]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20110616/97536a00/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 56691 bytes
Desc: image003.png
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20110616/97536a00/attachment-0001.png>

More information about the VoiceOps mailing list