[SIPForum-discussion] SBC's that drop traffic based on domain

Zuñiga, Guillermo Guillermo.Zuniga at cwpanama.com
Thu Jun 16 21:56:46 UTC 2011 

Did you try defining a Local Policy just for the Legit Domain?




Guillermo Zuniga
Especialista de Soporte Técnico
Gerencia de Soporte Técnico

Tel:    +507 263-6671
Cel:    +507 6670-0481
Fax:    +507 265-3295
Email:  Guillermo.Zuniga at cwpanama.com<mailto:Guillermo.Zuniga at cwpanama.com>
Web:    www.cwpanama.com<http://www.cwpanama.com>

[cid:image022140.JPG at 2a924abe.4d808fc0]<http://www.cwpanama.com>

[cid:image2668da.JPG at 45260d7d.4fafeb8c]


De: discussion-bounces at sipforum.org [mailto:discussion-bounces at sipforum.org] En nombre de Chet Curry
Enviado el: jueves, 16 de junio de 2011 03:55 p.m.
Para: discussion at sipforum.org
Asunto: [SIPForum-discussion] SBC's that drop traffic based on domain

In an effort to mitigate DDOS attack’s I am trying to deny all traffic based on the request-uri host domain.  The reason being from what I see is “most” attacks are sent to the SBC’s IP address and does use the domain name.  When the proper domain is supplied I would like to allow that packet.  All other I will not respond to period.

Example of hacker Requet URI
Ex. INVITE sip100:199.44.55.22 SIP/2.0

Legit Request URI
Ex. INVITE sip:7724558787 at voip.hacker.net SIP/2.0



I have tried to create an HMR on ACME with little success.  I can get the registers to not respond yet only if sip:199.44.55.22 is use.  If the attacker uses sip:100 at 199.44.55.22 the SBC still will respond with a 403.
Besides that All invites are never dropped.

I have tried to get ACME to come up with a solution yet have been unsuccessful.

Has anyone had any successful experience at implementing this on any other SBC platform?  I know there are many ways to protect yourself from DDOS attacks yet  to me this is a simple first line of defense.



[cid:image001.png at 01CC2C46.606D4B10]


La informaci&#xf3;n contenida en este correo electr&#xf3;nico es confidencial y puede tambi&#xe9;n ser objeto de acciones legales. Es dirigida &#xfa;nicamente para el o los destinatarios(s) nombrados anteriormente. Si no es mencionado como destinatario, no debe leer, copiar, revelar, reenviar o utilizar la informaci&#xf3;n contenida en este mensaje. Si ha recibido este correo electr&#xf3;nico por error, por favor notifique al remitente y proceda a borrar el mensaje y archivos adjuntos sin conservar copias.

The information contained in this e-mail is confidential and may also be subject to legal privilege.  It is intended only for the recipient(s) named above.  If you are not named as a recipient, you must not read, copy, disclose, forward or otherwise use the information contained in this email.  If you have received this e-mail in error, please notify the sender immediately by reply e-mail and delete the message and any attachments without retaining any copies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://sipforum.org/pipermail/discussion/attachments/20110616/b3e5b72d/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 56691 bytes
Desc: image001.png
URL: <http://sipforum.org/pipermail/discussion/attachments/20110616/b3e5b72d/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image022140.JPG
Type: image/jpeg
Size: 40636 bytes
Desc: image022140.JPG
URL: <http://sipforum.org/pipermail/discussion/attachments/20110616/b3e5b72d/attachment-0004.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image2668da.JPG
Type: image/jpeg
Size: 38488 bytes
Desc: image2668da.JPG
URL: <http://sipforum.org/pipermail/discussion/attachments/20110616/b3e5b72d/attachment-0005.jpe>

More information about the discussion mailing list