Re: [SR-Users] how to catch attacker using bad request line?

17 Sep 2018

Daniel-Constantin Mierla writes:

...
  try with event_route[core:receive-parse-error] { ...
}

 The variables related to sip message content (headers, body, ...) likely
 not working there (should return null), but source IP/port should be good. 
Thanks for the pointer.  I defined:

event_route[core:receive-parse-error] {  # Catch message parse errors

    xnotice("Request from <$var(src_ip)> has invalid syntax\n");

}

but didn't get the notice to syslog.  Only these:

Sep 17 16:37:52 char /usr/bin/sip-proxy[23020]: ERROR: <core>
[core/parser/msg_parser.c:337]: parse_headers(): bad header field [(null)]
Sep 17 16:37:52 char /usr/bin/sip-proxy[23020]: WARNING: <core>
[core/receive.c:230]: receive_msg(): parsing relevant headers failed

-- Juha

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

Re: [SR-Users] how to catch attacker using bad request line?