<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Consolas","serif";}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I really wish your suggestion worked. The SBC responds with 404 Registrar Not Found. The intent is to drop the packet. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Here is an example of my existing HMR. Invites are always responded to and any registration with a user@IP is responded to . If the registration Request-URI has <a href="sip:IP">sip:IP</a> then it blocks the packet.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Here is an example of the existing HMR. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>### sip-manipulation ###<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>sip-manipulation<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> name addRoute<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> description<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> header-rule<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> name isDomain<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> header-name request-uri<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> action store<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> comparison-type case-sensitive<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> match-value<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> msg-type any<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> new-value<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> methods INVITE,REGISTER<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> element-rule<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> name isDom<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> parameter-name<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> type uri-host<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> action store<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> match-val-type any<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> comparison-type case-sensitive<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> match-value generic.voip.net|genericlab.voip.net<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> new-value<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> header-rule<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> name addDisSA<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> header-name Route<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> action add<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> comparison-type boolean<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> match-value !$isDomain.$isDom.$0<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> msg-type any<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> new-value "<<a href="sip:1.2.3.4;lr">sip:1.2.3.4;lr</a>>"<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> methods<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>### session-agent ###<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>session-agent<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> hostname 1.2.3.4<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> ip-address 1.2.3.4<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> port 5060<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> state disabled <<<<<<<<<<<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> app-protocol SIP<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> app-type<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> transport-method UDP<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> realm-id core<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> local-response-map 503Rogue <<<<<<<<<<<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>### sip-response-map ###<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>response-map<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> name 503Rogue<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> entries<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> 503 -> 677 (Rogue)<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>### sip-interface ###<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>sip-interface<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> state enabled<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> realm-id peer<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> description<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> sip-port<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> address 192.168.0.3<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> port 5060<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> transport-protocol UDP<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> tls-profile<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> allow-anonymous all<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> ims-aka-profile<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> carriers<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> options dropResponse=677 <<<<<<<<<<<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>### realm-config ###<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>realm-config<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> identifier peer<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'> in-manipulationid addRoute <<<<<<<<<<<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> anorexicpoodle [mailto:anorexicpoodle@gmail.com] <br><b>Sent:</b> Thursday, June 16, 2011 5:43 PM<br><b>To:</b> Chet Curry<br><b>Cc:</b> voiceops@voiceops.org<br><b>Subject:</b> Re: [VoiceOps] SBC's that drop traffic based on domain<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>You should be able to facilitate this a few ways in the Acme, the first and easiest would be to not configure a port with the IP in the sip interface, and use only configure the domain name. The second would be to use HMR to inspect the inbound packets and drop them. Im sure there are other options as well.<br><br>On Thu, 2011-06-16 at 16:58 -0400, Chet Curry wrote: <o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'> <br><br> <br><br>In an effort to mitigate DDOS attack’s I am trying to deny all traffic based on the request-uri host domain. The reason being from what I see is “most” attacks are sent to the SBC’s IP address and does use the domain name. When the proper domain is supplied I would like to allow that packet. All other I will not respond to period.<br><br> <br><br>Example of hacker Requet URI<br><br>Ex. <b>INVITE</b> sip100:<b>199.44.55.22</b> SIP/2.0<br><br> <br><br>Legit Request URI<br><br>Ex. <b>INVITE</b> <a href="sip:7724558787@voip.myvoice.net">sip:7724558787@voip.<b>myvoice.net</b></a> SIP/2.0<br><br> <br><br> <br><br> <br><br>I have tried to create an HMR on ACME with little success. I can get the registers to not respond yet only if <a href="sip:199.44.55.22">sip:199.44.55.22</a> is use. If the attacker uses <a href="sip:100@199.44.55.22">sip:100@199.44.55.22</a> the SBC still will respond with a 403. <br><br>Besides that All invites are always responded to regardless even though the HMR(Header Manipulation) should be using Invite and registration meathods.<br><br> <br><br>I have tried to get ACME to come up with a solution yet have been unsuccessful. They will not even take my request for a feature enhancement. <br><br> <br><br>Has anyone had any successful experience at implementing this on any other SBC platform? I know there are many ways to protect yourself from DDOS attacks yet to me this is a simple first line of defense.<br><br> <br><br> <br><br><img border=0 width=624 height=499 id="_x0000_i1025" src="cid:image001.png@01CC2CE9.2E6B0730" alt="Description: signature2"><br><br> <br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><pre><o:p> </o:p></pre><pre>_______________________________________________<o:p></o:p></pre><pre>VoiceOps mailing list<o:p></o:p></pre><pre><a href="mailto:VoiceOps@voiceops.org">VoiceOps@voiceops.org</a><o:p></o:p></pre><pre><a href="https://puck.nether.net/mailman/listinfo/voiceops">https://puck.nether.net/mailman/listinfo/voiceops</a><o:p></o:p></pre></blockquote><p class=MsoNormal><o:p> </o:p></p></div></body></html>