Author |
Message |
NewBrekekeUser Brekeke Newbie
Joined: 30 Sep 2011 Posts: 3
Location: UK
|
Posted: Fri Sep 30, 2011 5:10 am Post subject: User-agent= not working me thinks |
|
|
1. Brekeke Product Name and version: Brekeke SIP Server rev.286.3 Evaluation
2. Java version: 32bit version 6 update 27
3. OS type and the version: 2008 R2 Standard
4. UA (phone), gateway or other hardware/software involved:not really in this case
5. Select your network pattern from http://www.brekeke-sip.com/bbs/network/networkpatterns.html : one
6. Your problem: As recommended in the http://wiki.brekeke.com/wiki/Secure-your-SIP-communication?PHPSESSID=dd19b84a28efb4243491e818572b83bb i am trying to use "user-agent=friendly-scanner" to return 603 responses, this morning i am testing and i can not get this rule to work. I have wireshark open on the server and I am watching the SIP packets come in with an user-agent of friendly-scanner but i am getting 100 and 407 responses rather than 603. now i removed the rule and checked and getting the same packets with or without the rule in place. I don't think its working with User-agent, I am new to the Brekeke product only been working on it a day or two so I might have missed something simple. _________________ meh |
|
Back to top |
|
hope Brekeke Master Guru
Joined: 15 Jan 2008 Posts: 862
|
Posted: Fri Sep 30, 2011 10:27 am Post subject: |
|
|
is the rule with user-agent=friendly-scanner put on top of all other rules?
and need to click "Apply Rules" button after editting dial plan rule. |
|
Back to top |
|
redroof Brekeke Talented
Joined: 16 Nov 2007 Posts: 97
|
Posted: Fri Sep 30, 2011 11:16 am Post subject: |
|
|
Are these unexpectable packets are saying "friendly-scanner" in their User-Agent header?
If they use another User-Agent name, your DialPlan rule will not work...
Sometime they use "sundayddr" or "Asterisk" as User-Agent.
Also, look at From header. Is it "sipsscuser" or "sipvicious"?
If so, you can use the following DialPlan rule.
Matching Patterns | From = sipsscuser|sipvicious
| Deploy Patterns | $response = 603
|
If you have a list of acceptable IP addresses, I recommend that you use the IP address filtering with "allow". |
|
Back to top |
|
NewBrekekeUser Brekeke Newbie
Joined: 30 Sep 2011 Posts: 3
Location: UK
|
Posted: Mon Oct 03, 2011 1:18 am Post subject: |
|
|
Good Morning
Sorry for the delay in replying, in answer to your questions
Hope: Yes Friendly Scanner rule is placed at the top of the dial plan, I have opened up the SIP packets in wireshark and copied the user-agent out to make sure that the spelling and formatting are correct, and I have applied the rules a number of times as I have put in other rules since this one and they are working correctly
Redroof: The verison of SIP sipvicious is the latest and I have double checked the name it is coming in with, also for testing I changed the SIP vicious user to something else just to see if that would be picked up (it was not).
On our production machines we use IP address filtering which works well, this is just a side project because i find this stuff interesting. |
|
Back to top |
|
taitan Brekeke Master Guru
Joined: 15 Mar 2008 Posts: 237
|
Posted: Mon Oct 03, 2011 11:31 am Post subject: |
|
|
Hi
Can you paste your DialPlan rule which tries to catch "friendly-scanner" ?
Thanks |
|
Back to top |
|
NewBrekekeUser Brekeke Newbie
Joined: 30 Sep 2011 Posts: 3
Location: UK
|
Posted: Fri Oct 07, 2011 3:10 am Post subject: |
|
|
Direct Copy from the webpage
Reject Sipvicious User-Agent=friendly-scanner $response=603
Copy from an exported dialpla.tbl
"Reject Sipvicious", User-Agent="friendly-scanner";, $response="603", "Reject Sipvicious attempts user agent is friendly-scanner"
"Reject Sipvicious vi", From="SipVicious";, $response="603", "Reject Sipvicious attempts user agent is friendly-scanner" |
|
Back to top |
|
taitan Brekeke Master Guru
Joined: 15 Mar 2008 Posts: 237
|
Posted: Fri Oct 07, 2011 10:02 am Post subject: |
|
|
Your DialPlan rule seems no problem.
Does it still not work? |
|
Back to top |
|
|