[asterisk-users] On Register, run a script, validate source IP

Jöran Vinzens vinzens at sipgate.de
Wed Nov 20 03:08:56 CST 2019 

Hi,

for me it sounds like you need an SBC.
We use Kamailio in order to check users IP Addresses. There are modules
like "permissions" in kamailio what could do this. As well there are pike
checks, sanity checks and a bunch of other useful tools.

If you want to secure and protect your Asterisk you should not use the
Asterisk for it.

BR
Jöran

On Wed, Nov 20, 2019 at 10:03 AM Olivier <oza.4h07 at gmail.com> wrote:

> Hello,
>
> Have you tried with ACL (acl.conf) ?
>
> Cheers
>
>
> Le lun. 18 nov. 2019 à 13:22, Benoit Panizzon <benoit.panizzon at imp.ch> a
> écrit :
>
>> Hi Gang
>>
>> To increase security against phished passwords and similar attacks, we
>> consider offering customers to define IP ranges (or GeoIP locations)
>> from which their dynamic registrations are being accepted.
>>
>> I can already look at the source IP in the dial plan, so no issue with
>> validate an INVITE against a source IP.
>>
>> But I would also like to prevent registrations from outside of this
>> client's specific allowed ip addresses as well, so the line cannot be
>> hijacked.
>>
>> So I'm looking for something like
>>
>> On Register:
>> If check_allowed_ip(auth_username) {
>>         return;
>> } else {
>>         Reply(403 Wrong IP for this user);
>> }
>>
>> Any ideas how to do that? (Yes, I asked Google and found nothing
>> useful yet)
>>
>> Mit freundlichen Grüssen
>>
>> -Benoît Panizzon-
>> --
>> I m p r o W a r e   A G    -    Leiter Commerce Kunden
>> ______________________________________________________
>>
>> Zurlindenstrasse 29             Tel  +41 61 826 93 00
>> CH-4133 Pratteln                Fax  +41 61 826 93 01
>> Schweiz                         Web  http://www.imp.ch
>> ______________________________________________________
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> Check out the new Asterisk community forum at:
>> https://community.asterisk.org/
>>
>> New to Asterisk? Start here:
>>       https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at:
> https://community.asterisk.org/
>
> New to Asterisk? Start here:
>       https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users



-- 

Jöran Vinzens - vinzens at sipgate.de
Telefon: +49 211-63 55 56-21
Telefax: +49 211-63 55 55-22

sipgate GmbH - Gladbacher Str. 74 - 40219 Düsseldorf
HRB Düsseldorf 39841 - Geschäftsführer: Thilo Salmon, Tim Mois
Steuernummer: 106/5724/7147, Umsatzsteuer-ID: DE219349391

www.sipgate.de - www.sipgate.co.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20191120/cad44d0a/attachment.html>

More information about the asterisk-users mailing list