Hi Klaus,

I was already considering this feature, for the same reasons as you.
Attacks may hide behind DNS address IPs of critical components of a
platform (like GW).

I was thinking of having this in core to be able to use it both in
stateless (core) and stateful (tm) mode. My concern is where/how to
define the IP blacklist. If it will be kept in core, will the core
populate it (via script??) or should modules register IPs to the core
list? All this in the idea of being able to do a nice provisioning of
the IP blacklist.

At this hot spot, any comments/suggestions are welcome!

regards,
bogdan

Klaus Darilion wrote:

Hi!

In many situations it would be useful to verify the destination IP
address of a message before sending the message. E.g. I want to make
sure that accounting and authentication were applied before sending a
request to a gateway.

loose_route and DNS resolving make it impossible to handle all
scenarios in the config script. Thinking about the problem I got the
following idea:

The tm module should, after all DNS lookups, verify the dest. IP
against a blacklist (e.g. the GW table from lcr module). If the dest.
IP is on the blacklist, the message will only be sent if a certain
flag is set. This flag will be set in the config script after all
checks (acc, auth...) have been applied.

What do you think about this idea? Any other ideas for this problem?

regards,
klaus
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
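
The check proposed in this thread, sketched as an added example that is not part of the original messages and is not OpenSER code: resolved destination IPs are matched against a blacklist after DNS resolution, and a listed IP is used only if the message carries a flag. The flag name, the host names, the addresses and the stand-in DNS table are all constructed assumptions.

```python
import ipaddress

# Constructed sample blacklist: gateway addresses to protect
# (documentation ranges, standing in for e.g. a gateway table).
BLACKLIST = [ipaddress.ip_network(n)
             for n in ("192.0.2.10/32", "198.51.100.0/28")]

# Constructed stand-in for DNS answers; a real proxy would ask its resolver.
FAKE_DNS = {
    "gw.example.net": ["192.0.2.10"],
    # A name outside the platform whose second record points at a gateway.
    "alias.example.org": ["203.0.113.7", "198.51.100.5"],
    "peer.example.com": ["203.0.113.20"],
}

# Hypothetical flag the routing script sets once acc/auth have been applied.
FLAG_GW_CHECKED = 1 << 0


def resolve(host):
    """Return the candidate destination IPs; IP literals pass through."""
    try:
        return [ipaddress.ip_address(host)]
    except ValueError:
        return [ipaddress.ip_address(a) for a in FAKE_DNS.get(host, [])]


def is_blacklisted(ip):
    """True if the resolved IP falls inside any blacklisted network."""
    return any(ip in net for net in BLACKLIST)


def allowed_destinations(host, msg_flags):
    """Apply the check after resolution, per destination IP.

    A blacklisted IP stays in the candidate list only when the message
    carries FLAG_GW_CHECKED; other IPs are always kept.
    """
    allowed = []
    for ip in resolve(host):
        if is_blacklisted(ip) and not (msg_flags & FLAG_GW_CHECKED):
            continue  # the script never applied its checks to this message
        allowed.append(str(ip))
    return allowed
```

Because the decision is made per resolved IP rather than per host name, a name that resolves to both a listed and an unlisted address loses only the listed candidate when the flag is missing.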