[asterisk-users] Securing Asterisk - How to avoid sending, "SIP/2.0 603 Declined"
Alex Balashov
abalashov at evaristesys.com
Fri Jul 22 20:45:33 CDT 2011
Asterisk does not expose low-level control of its SIP stack. It's something intended to be configured and used at the application level.
If you really want to do this without a firewall, put a Kamailio proxy in front of your Asterisk install and drop things as you see fit. But why go through the trouble? What's wrong with iptables?
--
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
On Jul 22, 2011, at 9:30 PM, Bruce B <bruceb444 at gmail.com> wrote:
> Thanks for the input. I am really surprised. But yes, I want exactly what a firewall does, DROP the packet instead of REJECTING it.
>
> So, you are saying that one has to tamper with the SIP stack to add the option to not respond to untrusted sources?
> I really thought Asterisk might have this built in as a feature.
>
>
> I can't even do a dialplan search for a registered PEER, because even if I find the IP to not be trusted I still need to Hangup() on the invite, which in turn sends 603 Declined.
>
> There isn't really any work-around to this?
>
> Thanks again
>
>
> On Fri, Jul 22, 2011 at 7:39 PM, Alex Balashov <abalashov at evaristesys.com> wrote:
> > On 07/22/2011 07:32 PM, Bruce B wrote:
> > > Hello,
> > >
> > > I am wondering if there is a way to drop SIP packets for generic
> > > transactions? For example, only SIP PEERs are allowed to call in and
> > > receive ACK or Declined rather than those inviting a call who are not
> > > PEERs at all.
> > >
> > > Currently my Asterisk setup sends "SIP/2.0 603 Declined" to any
> > > stranger invites because my dialplan includes Hangup(). Is there any
> > > way I can not send a 603 Declined so as to mislead the probe runner?
> >
> > There is really no way to accomplish that except with a firewall.
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
> http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
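The firewall approach recommended in this thread, sketched as an added example that is not part of the original messages: a shell function that prints an iptables-restore ruleset accepting SIP only from listed peers and silently dropping everything else, so non-peers never reach Asterisk and never see a 603. The peer addresses (documentation ranges), the chain name `SIP-PEERS` and port 5060 are assumptions.

```shell
#!/bin/sh
# Added example: generate an iptables-restore ruleset that DROPs SIP from
# any source that is not a listed peer. Chain name, port and the peer
# addresses used with it are assumptions, not values from the thread.

SIP_PORT=5060

# is_ipv4_or_cidr ADDR: shape check only (dotted quad, optional /0-32).
# The case guard rejects spaces, newlines and option text, so a peer
# string can never smuggle extra rule arguments into the ruleset.
is_ipv4_or_cidr() {
    case $1 in
        ''|*[!0-9./]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# sip_ruleset PEER...: print the ruleset on stdout; fail on a malformed peer.
sip_ruleset() {
    for peer in "$@"; do
        is_ipv4_or_cidr "$peer" || {
            echo "bad peer address: $peer" >&2
            return 1
        }
    done
    echo '*filter'
    echo ':SIP-PEERS - [0:0]'
    # Route all SIP signalling (UDP and TCP) through the dedicated chain.
    echo "-A INPUT -p udp --dport $SIP_PORT -j SIP-PEERS"
    echo "-A INPUT -p tcp --dport $SIP_PORT -j SIP-PEERS"
    for peer in "$@"; do
        echo "-A SIP-PEERS -s $peer -j ACCEPT"
    done
    # Final rule discards the packet without any reply: no ICMP error and,
    # because Asterisk never sees the INVITE, no "603 Declined" either.
    echo '-A SIP-PEERS -j DROP'
    echo 'COMMIT'
}
```

Review the output with `sip_ruleset 192.0.2.10 198.51.100.0/24 | iptables-restore --test` before loading it; loading with `--noflush` keeps existing rules but appends the two INPUT jumps again on every run.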