In order to be able to fail2ban an attacker that sends tons of SIP requests with malformed request lines, it would need to be possible to generate an appropriate syslog message from config file.
I didn't find any sanity module param value that would turn on checking of request line syntax. Any other ideas?
As an example, below is what comes to syslog when I send a request that has syntax error on request line.
-- Juha
Sep 17 14:46:39 char /usr/bin/sip-proxy[9458]: ERROR: <core> [core/parser/msg_parser.c:337]: parse_headers(): bad header field [(null)] Sep 17 14:46:39 char /usr/bin/sip-proxy[9458]: WARNING: <core> [core/receive.c:230]: receive_msg(): parsing relevant headers failed Sep 17 14:46:43 char /usr/bin/sip-proxy[9458]: ERROR: <core> [core/parser/msg_parser.c:337]: parse_headers(): bad header field [(null)] Sep 17 14:46:43 char /usr/bin/sip-proxy[9458]: WARNING: <core> [core/receive.c:230]: receive_msg(): parsing relevant headers failed