May you help?.. :-)
Kind regards,
Ellad
22.10.2018 17:12, Alex Balashov wrote:
I did not say that my article represents a complete answer to every part
of every one of your questions, at every level of abstraction and
specificity. Just that it might be helpful. :-)
On Mon, Oct 22, 2018 at 04:40:03PM +0300, Ellad Yatsko wrote:
> Dear Alex,
>
> your article is just "general words". :-) There are a couple of questions:
>
> - can my "vision" be completed?
> - how can it be implemented?
>
> The major problem, as I see it, is to modify the algorithm so Kamailio will
> not check the database but will lean on the answers of its upstream to
> generate UL. It should not BALANCE, just forward SIP traffic, ANALYZE
> answers of the Upstream SIP-Server, make decisions about attacks and PROXY
> RTP. This should be a clearer definition of what I would like to achieve.
>
> I could be confused about the exact terminology of "Session Border
> Controller". But I'd like to implement FRAUD/BruteForce protection of my
> Asterisk using Kamailio (in the middle) because I heard it is highly
> effective from the point of view of heavy loads. Asterisk might not bear
> "tons" of SIP requests (dialogs).
>
>
>
> Kind regards,
> Ellad
>
>
> 22.10.2018 12:07, Alex Balashov wrote:
>> I hate to plug my own articles, but in this case it might help:
>>
>> http://www.evaristesys.com/blog/kamailio-as-an-sbc-five-years-on/
>>
>> --
>> Sent from mobile. Apologies for brevity and errors.
>>
>> -----Original Message-----
>> From: Ellad Yatsko <eyatsko(a)ngs.ru>
>> To: sr-users(a)lists.kamailio.org
>> Sent: Mon, 22 Oct 2018 3:28 AM
>> Subject: [SR-Users] Kamailio as SBC
>>
>> Hello!
>>
>> I'd like to implement the following diagram:
>>
>> Users -> Internet -> Kamailio -> Asterisk
>>
>> 1. Kamailio has no users of its own, it just re-writes headers and re-sends
>> REGISTER messages to Asterisk where the users are located.
>>
>> 2. Depending on Asterisk's answers Kamailio either forms UL (using the
>> original IP from the first, original REGISTER from Users) or translates
>> Asterisk's answer back to Users. If it is an error (e.g.
>> forbidden/notfound) Kamailio blocks the User's IP (for instance using the
>> pike module) and Fail2Ban adds the affected IP into IPSet's List to block
>> it by IPTables Permanently.
>>
>> 3. INVITEs are translated to Asterisk as to the only Upstream
>> SIP-Server. And again Errors from Asterisk are processed in the same way
>> as Bad REGISTERs. Pike in conjunction with IPSet/IPTables blocks affected
>> IPs.
>>
>> 4. Asterisk sees all registrations from Internet users as if they are
>> directly behind Kamailio. Kamailio rewrites headers twice: from Users to
>> Asterisk and from Asterisk to Users - this allows hiding the topology from
>> users (they deal ONLY with Kamailio) and blocking non-static IPs on the
>> Asterisk's side.
>>
>> Is this possible?
>>
>> Kind regards,
>> Ellad Yatsko
>>
>>
>>
>>
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users(a)lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
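
The reply analysis described in the original message (block a source IP based on the upstream's error answers to REGISTER and INVITE), as an added example that is not part of the thread and is not Kamailio, pike or Fail2Ban code. The event tuple layout, the threshold and the window are assumptions, and the addresses are constructed samples; the returned list is what would be handed to the IPSet step.

```python
from collections import defaultdict, deque

REJECT_CODES = {403, 404}   # "forbidden/notfound" answers named in the thread
MAX_FAILS = 3               # assumed threshold
WINDOW = 60                 # assumed sliding window, seconds

# Constructed events as the proxy would see them:
# (unix_time, source_ip, method, request_had_credentials, upstream_status)
SAMPLE = [
    (100, "198.51.100.7", "REGISTER", False, 401),  # digest challenge
    (101, "198.51.100.7", "REGISTER", True, 200),   # legitimate login
    (100, "203.0.113.9", "REGISTER", False, 401),   # digest challenge
    (102, "203.0.113.9", "REGISTER", True, 401),    # wrong password
    (110, "203.0.113.9", "REGISTER", True, 403),
    (120, "203.0.113.9", "INVITE", True, 404),
    (100, "192.0.2.44", "REGISTER", True, 403),     # slow, isolated failures
    (200, "192.0.2.44", "REGISTER", True, 403),
    (300, "192.0.2.44", "REGISTER", True, 403),
]


def is_failure(had_credentials, status):
    """401/407 to a request without credentials is the normal digest
    challenge every legitimate client receives, so it must not count."""
    if status in (401, 407):
        return had_credentials
    return status in REJECT_CODES


def ips_to_block(events, max_fails=MAX_FAILS, window=WINDOW):
    """Return source IPs with max_fails failures inside window seconds."""
    recent = defaultdict(deque)
    blocked = []
    for ts, ip, _method, had_credentials, status in sorted(events):
        if ip in blocked or not is_failure(had_credentials, status):
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_fails:
            blocked.append(ip)
    return blocked


if __name__ == "__main__":
    print(ips_to_block(SAMPLE))
```

Counting every 401 from the upstream would block each legitimate client on its first REGISTER, which is why the challenge is separated from a rejected credential here.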