[SIPForum-discussion] SBC's that drop traffic based on domain
Zuñiga, Guillermo
Guillermo.Zuniga at cwpanama.com
Thu Jun 16 21:56:46 UTC 2011
Did you try defining a Local Policy just for the Legit Domain?
Guillermo Zuniga
Especialista de Soporte Técnico
Gerencia de Soporte Técnico
Tel: +507 263-6671
Cel: +507 6670-0481
Fax: +507 265-3295
Email: Guillermo.Zuniga at cwpanama.com<mailto:Guillermo.Zuniga at cwpanama.com>
Web: www.cwpanama.com<http://www.cwpanama.com>
[cid:image022140.JPG at 2a924abe.4d808fc0]<http://www.cwpanama.com>
[cid:image2668da.JPG at 45260d7d.4fafeb8c]
De: discussion-bounces at sipforum.org [mailto:discussion-bounces at sipforum.org] En nombre de Chet Curry
Enviado el: jueves, 16 de junio de 2011 03:55 p.m.
Para: discussion at sipforum.org
Asunto: [SIPForum-discussion] SBC's that drop traffic based on domain
In an effort to mitigate DDOS attack’s I am trying to deny all traffic based on the request-uri host domain. The reason being from what I see is “most” attacks are sent to the SBC’s IP address and does use the domain name. When the proper domain is supplied I would like to allow that packet. All other I will not respond to period.
Example of hacker Requet URI
Ex. INVITE sip100:199.44.55.22 SIP/2.0
Legit Request URI
Ex. INVITE sip:7724558787 at voip.hacker.net SIP/2.0
I have tried to create an HMR on ACME with little success. I can get the registers to not respond yet only if sip:199.44.55.22 is use. If the attacker uses sip:100 at 199.44.55.22 the SBC still will respond with a 403.
Besides that All invites are never dropped.
I have tried to get ACME to come up with a solution yet have been unsuccessful.
Has anyone had any successful experience at implementing this on any other SBC platform? I know there are many ways to protect yourself from DDOS attacks yet to me this is a simple first line of defense.
[cid:image001.png at 01CC2C46.606D4B10]
La información contenida en este correo electrónico es confidencial y puede también ser objeto de acciones legales. Es dirigida únicamente para el o los destinatarios(s) nombrados anteriormente. Si no es mencionado como destinatario, no debe leer, copiar, revelar, reenviar o utilizar la información contenida en este mensaje. Si ha recibido este correo electrónico por error, por favor notifique al remitente y proceda a borrar el mensaje y archivos adjuntos sin conservar copias.
The information contained in this e-mail is confidential and may also be subject to legal privilege. It is intended only for the recipient(s) named above. If you are not named as a recipient, you must not read, copy, disclose, forward or otherwise use the information contained in this email. If you have received this e-mail in error, please notify the sender immediately by reply e-mail and delete the message and any attachments without retaining any copies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20110616/b3e5b72d/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 56691 bytes
Desc: image001.png
URL: <http://sipforum.org/pipermail/discussion/attachments/20110616/b3e5b72d/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image022140.JPG
Type: image/jpeg
Size: 40636 bytes
Desc: image022140.JPG
URL: <http://sipforum.org/pipermail/discussion/attachments/20110616/b3e5b72d/attachment-0004.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image2668da.JPG
Type: image/jpeg
Size: 38488 bytes
Desc: image2668da.JPG
URL: <http://sipforum.org/pipermail/discussion/attachments/20110616/b3e5b72d/attachment-0005.jpe>
More information about the discussion
mailing list