(I forward and reply to this mail on the mailing list.)
2010/10/26 Mino Haluz <mino.haluz(a)gmail.com>:
> Maybe I have not explained it very clearly, but the issue was hidden
> in using fix_nated_contact(). I commented it out and everything works
> perfect :)
Ok, that's a different problem. If you call fix_nated_contact() for a
302 then obviously Kamailio will rewrite the URI host part of the
Contact header with the response public source address.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
Hi,
my kamailio receives 302 from ip 1.1.1.1 with a correct Contact-header
format 123@kamailiohost , but when it forwards to my cisco as, it suddenly
changes the host part to 1.1.1.1. It is very strange because this IP does
not have anything in common with the callee number. Do you know where the
problem could be?
Mino
Hi, I know that handling bflags outside of branch_route is not a good
idea. Anyhow I have a doubt:
1) In a normal route I set "setbflag(i:1)", so the bflag will be set
for all the branches that could be generated for this incoming
transaction. This also involves creating new branches manually under
failure_route, am I right?
Note: I do know that it would be much better just to use flag instead of bflags.
2) The outgoing transaction(s) fail so I enter into failure_route. If
I inspect here bflag(i:1) will it be set or not? I remember that it
will be set.
3) Then I call append_branch in failure_route, or perhaps call
lookup("location") and I expect that all the generated branches will
have the bflag set, am I right?
Thanks a lot.
--
Iñaki Baz Castillo
<ibc(a)aliax.net>
Hello
sorry if this sounds too "newbie". I'm interested in the drouting module.
The first INVITE is correctly forwarded to the gw found in the drouting
table:
    if (is_method("INVITE") && !has_totag()) {
        do_routing("0");
        record_route();
    }
However for subsequent messages (ACK, BYE) in the dialog I don't know how to
keep track of the ip resolved by the drouting logic so the messages are
correctly forwarded to the same gw. I've made some tests using the dialog
module with no success. Any hint?
Thanks in advance
Javier
Hi Robert and list,
@Robert: thank you so much.
After changing some things as in Robert's guide, I can see more LM_DBG output from other modules such as tm and core (msg_parser.c, t_lookup.c, ...), but what I need is the log from the xmpp module (e.g. xmpp.c, xmpp_component.c, ...). Following the guide on the xmpp page, I can only debug with the xmpp_send_message command, and I can't check whether kamailio was registered successfully as a component of the local jabberd server. How can I check this?
Thanks,
Huy Nguyen
www.htk-inc.com
Date: Mon, 25 Oct 2010 13:25:14 +0200
From: robert(a)exa-omicron.nl
To: huy_quocnguyen(a)live.com
CC: sr-users(a)lists.sip-router.org
Subject: Re: [SR-Users] Debug xmpp module with kamailio 3.0.4
On 10/25/2010 12:31 PM, Huy Nguyen wrote:
> log_facility=LOG_LOCAL0
> How can I check all LM_DBG logs in some files as xmpp.c,
> xmpp_component.c .... to view the registration processing of
> kamailio to local jabberd server ?
Huy,
In the default syslog.conf of centos you have a line:
    *.info;mail.none;authpriv.none;cron.none                /var/log/messages
Which only sends log level info and lower to /var/log/messages.
If you add a line:
    local0.*                                                -/var/log/kamailio.log
You will find all debugging output of kamailio in
/var/log/kamailio.log
Don't forget to restart syslog.
Regards,
Robert Verspuy
--
Exa-Omicron
Patroonsweg 10
3892 DB Zeewolde
Tel.: 088-OMICRON (66 427 66)
http://www.exa-omicron.nl
Hi all,
About xmpp module on kamailio 3.0.4 (Centos server).
I enabled DEBUG mode with level 7, but when check on /var/log/message I don't see any log from xmpp module (LM_DBG):
#!ifdef WITH_DEBUG
debug=7
log_stderror=no
#!else
debug=2
log_stderror=no
#!endif
memdbg=5
memlog=5
log_facility=LOG_LOCAL0
fork=yes
children=4
If I change LM_DBG to LM_ERR, I just see 3 lines as below:
Oct 25 17:03:48 civilpol /usr/local/sbin/kamailio[31029]: ERROR: xmpp [xmpp.c:345]: cmd_send_message
Oct 25 17:03:48 civilpol /usr/local/sbin/kamailio[31029]: ERROR: xmpp [xmpp.c:379]: message from <sip:101@sip.htk.com>
Oct 25 17:03:48 civilpol /usr/local/sbin/kamailio[31029]: ERROR: xmpp [xmpp.c:388]: using R-URI as destination
How can I check all LM_DBG logs in some files as xmpp.c, xmpp_component.c .... to view the registration processing of kamailio to local jabberd server ?
Thanks,
Huy Nguyen
www.htk-inc.com
probably omitted by mistake, but please keep the mailing list cc-ed.
On 10/24/10 3:38 PM, Sergey Okhapkin wrote:
> Note that I check return code of www_authorize to be -1 (invalid user) and
> block IP in this case only. Other error codes should not block the IP address.
This reminded me that in 3.1 we merged the auth modules and we
used the one coming from ser because it has better nonce protection and
other enhancements than the kamailio version.
That means the return codes have changed, the new ones are listed now at:
http://kamailio.org/docs/modules/stable/modules_k/auth_db.html#id2753068
Added also note in migration wiki page:
http://www.kamailio.org/dokuwiki/doku.php/install:3.0.x-to-3.1.0#modules_k_…
Cheers,
Daniel
> On Sunday 24 October 2010, you wrote:
>> I watched live an attack on voipuser.org while running 3.1 before
>> release. It lasted 18 hours. I didn't want to ban it because was useful
>> for testing and to see if it reveals any weakness. In most of the cases it hit
>> pike module. I got some data and plan to make an article about it soon.
>>
>> Anyhow, as a result of that, default config for kamailio has a section
>> for detecting and banning such "bad" IPs, using pike to detect floods
>> and htable to keep it blocked. Search WITH_ANTIFLOOD directive. It can
>> be enhanced like you pointed here, so if the authorize fails, add the IP
>> in the banned list stored in htable.
>>
>> Using fail2ban together with IP tables has the advantage of dropping the
>> packets before getting to application and eating cpu, although in the
>> case of voipuser.org the cpu was not affected much - the rate was
>> 170-200 requests per second.
>>
>> Cheers,
>> Daniel
>>
>> On 10/24/10 3:06 PM, Sergey Okhapkin wrote:
>>> I'm second for fail2ban. I block IP addresses with failed registration
>>> attempts for 1 hour. Here is my setup:
>>>
>>> kamailio.cfg:
>>>
>>> if (is_method("REGISTER")) {
>>>     if (www_authorize("", "subscriber") < 0) {
>>>         if ($rc == -1) {
>>>             xlog("L_INFO", "Invalid username from $proto:$si:$sp\n");
>>>             sl_send_reply("200", "OK");
>>>         } else
>>>             www_challenge("", "0");
>>>         exit;
>>>     }
>>> ....
>>>
>>> /etc/fail2ban/filter.d/openser.conf:
>>>
>>> [Definition]
>>> #_daemon = kamailio
>>> failregex = Invalid username from ...:<HOST>:
>>>
>>> /etc/fail2ban/jail.conf:
>>>
>>> findtime = 600
>>>
>>> [openser-iptables]
>>> enabled = true
>>> filter = openser
>>> action = iptables-allports[name=OPENSER, protocol=all]
>>> logpath = /var/log/openser/openser # Replace with your sr log location
>>> maxretry = 10
>>> bantime = 3600
>>>
>>> On Sunday 24 October 2010, Uriel Rozenbaum wrote:
>>>> Juha,
>>>>
>>>> I think we should be specially careful about black-lists. We receive
>>>> many of these attacks in a per-day basis and a lot of them are from
>>>> residential addresses or university, so I'm guessing some kind of worm
>>>> or trojan performing the attack from various IPs.
>>>>
>>>> If you have the time, try fail2ban daemon. It can relate some
>>>> brute-force events and act accordingly blocking an IP on iptables,
>>>> executing a script. You send to "jail" those addresses for a period of
>>>> time, then you can get them out again; and of course you can manually
>>>> revert.
>>>>
>>>> Last, as a description of the attacks I saw, first it runs an NMAP
>>>> like scan checking which IPs answer from 5060, then it starts sending
>>>> registers (usually asterisk answers 404 if the user does not exist),
>>>> then when the proxy challenges, it interprets the user is found and
>>>> starts making dictionary attacks on the password (1234, admin, and so
>>>> on). Keep safe complicated passwords, make kamailio challenge
>>>> everything and you'll be safe. and again, fail2ban is a pretty good
>>>> solution for brute force.
>>>>
>>>> This might help you finding a solution for your attacks.
>>>>
>>>> Cheers,
>>>> Uriel
>>>>
>>>> On Sun, Oct 24, 2010 at 8:54 AM, Juha Heinanen<jh(a)tutpro.com> wrote:
>>>>> while doing some tests, i noticed that one of my proxies started to
>>>>> receive lots of register requests with different user names starting
>>>>> from a letter. there was also invite attempts in the logs. they came
>>>>> from ip 202.82.16.99 which according to traceroute is somewhere in
>>>>> china.
>>>>>
>>>>> should we start publishing a black list of these attack ip addresses?
>>>>>
>>>>> -- juha
>>>>>
>>>>> _______________________________________________
>>>>> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>>>>> sr-users(a)lists.sip-router.org
>>>>> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Daniel-Constantin Mierla
http://www.asipto.com
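
The fail2ban filter and jail quoted in this message can be checked offline before they are deployed. The following is an added example, not code from the thread or from fail2ban: it applies the quoted failregex with a simplified IPv4-only stand-in for `<HOST>` and the quoted findtime/maxretry values to constructed log lines. The syslog prefix, the host name `sip1`, the assumed year and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

FAILREGEX = r"Invalid username from ...:<HOST>:"   # from the quoted filter
FINDTIME = 600   # seconds, from the quoted jail.conf
MAXRETRY = 10    # from the quoted jail

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST_RE = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST_RE))

def parse_line(line, year=2010):
    """Return (timestamp, source_ip) if the filter matches, else None."""
    m = PATTERN.search(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    return ts, m.group("host")

def hosts_to_ban(lines):
    """IPs that reach MAXRETRY matches within a FINDTIME-second window."""
    recent, banned = defaultdict(deque), []
    for line in lines:
        hit = parse_line(line)
        if hit is None:
            continue
        ts, ip = hit
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()
        if len(window) >= MAXRETRY and ip not in banned:
            banned.append(ip)
    return banned

def make_line(hms, proto, ip):
    """Constructed syslog line; the prefix before the message is assumed."""
    return (f"Oct 24 {hms} sip1 /usr/local/sbin/kamailio[4242]: "
            f"INFO: <script>: Invalid username from {proto}:{ip}:5060")

# Constructed sample input using documentation address ranges.
BURST = [make_line(f"15:00:{i:02d}", "udp", "203.0.113.7") for i in range(10)]
SLOW = [make_line(f"15:{i * 5:02d}:00", "udp", "198.51.100.9") for i in range(10)]
# A four-character transport token does not fit the filter's "..." wildcard.
UNMATCHED = make_line("15:01:00", "sctp", "192.0.2.5")

if __name__ == "__main__":
    print(hosts_to_ban(BURST + SLOW + [UNMATCHED]))
```

Only the burst source reaches the threshold; the slow source stays under maxretry inside every findtime window, and the line with a four-character transport token is never counted because `...` matches exactly three characters.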
while doing some tests, i noticed that one of my proxies started to
receive lots of register requests with different user names starting
from a letter. there was also invite attempts in the logs. they came
from ip 202.82.16.99 which according to traceroute is somewhere in
china.
should we start publishing a black list of these attack ip addresses?
-- juha
Hello,
Marius Zbihlei has patched the userblacklist module, so that it can handle characters as well (NOT in main release 3.1 yet). Thanks Marius.
Therefore it might now be possible to filter general SIP-URIs!??
My idea is simple and described here. Please give some Feedback!!!
As the "prefix"-functionality up to now was referring to SIP-URIs consisting of digits (=real telephone numbers) like
004930123456(a)1and1.de
the general URI might be something like
user_123(a)server.domain.de
So far the "prefix"-functionality works because the usernames are real telephone numbers, which always start with the country code, followed by the town or regional code, and end with the unique number of the user (in this example 0049=Germany, (0)30=Berlin, 123456=user's unique number).
To use the "prefix"-functionality with general (including non-digit) URIs, they must be evaluated in reverse (from back to front), as the domain ends with the country or top-level domain and becomes more detailed the reverse way.
So the IDEA is:
Insert the domain as prefix in userblacklist-table in reverse, to use the functionality.
I would use a perl-script to reverse the SIP-URI of the calling party in routing logic and then check it against the already reverted domain in the userblacklist-table.
Do you think this is a good/well-working idea???
Any concerns or suggestions are appreciated...
Regards,
Nicolas
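
The reversed-prefix idea from this message, as an added example that is not part of the original post and not the userblacklist module's code. It models the table lookup as a plain longest-prefix string match (an assumption), takes URIs as user@host without scheme, port or parameters, and shows why the stored entry needs its boundary character: a bare reversed domain also matches unrelated hosts that merely end in the same characters.

```python
def normalize(text):
    """Lowercase the host part only; the user part is kept as written."""
    user, at, host = text.strip().rpartition("@")
    return user + at + host.lower()

def build_table(entries):
    """Reverse every blacklist entry, longest first for longest-prefix match."""
    return sorted((normalize(e)[::-1] for e in entries), key=len, reverse=True)

def match(uri, table):
    """Return the blacklist entry (un-reversed) that the URI hits, or None."""
    reversed_uri = normalize(uri)[::-1]
    for prefix in table:
        if reversed_uri.startswith(prefix):
            return prefix[::-1]
    return None

# Entry stored as a bare domain: also hits hosts that only end in "domain.de".
NAIVE = build_table(["domain.de"])
# Entries stored with a boundary: "@" for the exact host, "." for subdomains.
ANCHORED = build_table(["@domain.de", ".domain.de", "@server.domain.de"])

if __name__ == "__main__":
    for uri in ("user_123@server.domain.de", "bob@Other.Domain.DE",
                "alice@notmydomain.de", "004930123456@1and1.de"):
        print(f"{uri:28} naive={match(uri, NAIVE)!s:10} "
              f"anchored={match(uri, ANCHORED)}")
```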
You need to have no 'secret' field in the asterisk sipusers view.
Please keep the list in cc. Private e-mail will go unanswered.
Regards,
Ovidiu Sas
On Fri, Oct 22, 2010 at 1:53 PM, Sundeep Kumar Mishra
<sundeep123kumariiit(a)gmail.com> wrote:
> Hi,
> Thanks for your quick reply.
> We understand where we had been wrong. Since it was not quite clear in
> the tutorial, could you tell us how to disable authentication in asterisk?
> Regards,
> Sundeep Kumar Mishra
>
>
> On Fri, Oct 22, 2010 at 7:29 PM, Ovidiu Sas <osas(a)voipembedded.com> wrote:
>>
>> If you use that particular config, you need to disable authentication
>> on the asterisk side.
>> Just read the tutorial carefully.
>>
>> Regards,
>> Ovidiu Sas
>>
>> On Fri, Oct 22, 2010 at 9:15 AM, Sundeep Kumar Mishra
>> <sundeep123kumariiit(a)gmail.com> wrote:
>> > Hi all,
>> > I have installed an asterisk server at 10.3.3.143:5080 and a
>> > kamailio at 10.3.3.85:5060. I am using sip communicator as softphone SIP
>> > Client. It is able to register at kamailio but the kamailio is not able to
>> > forward register request to asterisk.
>> >
>> > We have gone through the tutorial
>> >
>> > http://kb.asipto.com/asterisk:realtime:kamailio-3.0.x-asterisk-1.6.2-astdb
>> > and used the configuration file after changing the asterisk ip and
>> > kamailio ip.
>> >
>> > We found out that when a normal softphone authenticates directly to
>> > asterisk it sends and receives
>> >
>> > |--softphone -- REGISTER
>> > |--asterisk -- 401 Unauthorised. Challenge
>> > |--softphone -- REGISTER - Response to Challenge
>> > |--asterisk -- 200 OK (If response was correct)
>> >
>> > But I saw that when kamailio forwards register to asterisk, it sends
>> > first REGISTER packet but doesn't send the second one. It sends SUBSCRIBE
>> > instead of REGISTER with response to the challenge.
>> >
>> >
>> > Regards,
>> > Sundeep Kumar Mishra
>> >
>
>