Iñaki Baz Castillo writes:
An ugly client sends us a request with a malformed P-Asserted-Identity as follows:
P-Asserted-Identity(sip@domain.com
Note that it's an *invalid* header. But Kamailio "allows" it and the request arrives at the GW. But the GW drops the request due to the malformed header so it sends NO reply at all. Then a timeout occurs in the client transaction and the failure_route block is called, in which I call defunct_gw().
check the headers you are forwarding to your gws. also, you can count the number of failures yourself by using htable, for example, and not defunct your gw based on the first failure. further, you could define a timed route, and based on the htable, ping your gws.
Conclusion: an attacker could disable my gws just by sending a simple malformed request. I strongly miss the monitoring feature in the old LCR module.
my conclusion is as it was before: keep lcr module simple and do monitoring separately. it might be possible to include a mi command to manage defunct time of a gw, but i'm not sure about it, because currently the tables may not include enough info to pinpoint a particular gw.
-- juha
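
The two safeguards suggested in the reply above (check headers before forwarding, and count failures instead of marking a gateway defunct on the first timeout), sketched in Python as an added illustration; this is not Kamailio configuration and not code from either poster. The names `malformed_header_lines` and `GatewayFailures`, the threshold and window values, and the sample request are assumptions made for the example.

```python
import re
import time

# RFC 3261: a header line is header-name HCOLON value; header-name is a "token".
_HEADER_LINE = re.compile(r"^[A-Za-z0-9\-.!%*_+`'~]+[ \t]*:")

def malformed_header_lines(raw_message):
    """Return header lines that do not start with a valid 'name:' prefix."""
    head = raw_message.split("\r\n\r\n", 1)[0]
    bad = []
    for line in head.split("\r\n")[1:]:      # skip the request line
        if not line or line[0] in " \t":     # empty, or folded continuation line
            continue
        if not _HEADER_LINE.match(line):
            bad.append(line)
    return bad

class GatewayFailures:
    """Report a gateway as defunct only after `threshold` timeouts in `window` seconds."""
    def __init__(self, threshold=5, window=60.0):
        self.threshold, self.window = threshold, window
        self._timeouts = {}                  # gateway id -> recent timeout timestamps

    def record_timeout(self, gw, now=None):
        now = time.monotonic() if now is None else now
        recent = [t for t in self._timeouts.get(gw, []) if now - t < self.window]
        recent.append(now)
        self._timeouts[gw] = recent
        return len(recent) >= self.threshold  # True: caller may defunct the gateway

# Constructed sample request carrying the malformed header quoted in the message.
SAMPLE = (
    "INVITE sip:1000@gw.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP client.example.com;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.com>;tag=1928301774\r\n"
    "To: <sip:1000@gw.example.com>\r\n"
    "Call-ID: a84b4c76e66710@client.example.com\r\n"
    "CSeq: 1 INVITE\r\n"
    "P-Asserted-Identity(sip@domain.com\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    print(malformed_header_lines(SAMPLE))
```

A request for which `malformed_header_lines` returns anything would be rejected at the proxy rather than forwarded, so it never produces a gateway timeout that counts toward the threshold.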