1. Brekeke Product Name and version: Brekeke SIP Server rev.286.3 Evaluation
2. Java version: 32bit version 6 update 27
3. OS type and the version: 2008 R2 Standard
4. UA (phone), gateway or other hardware/software involved:not really in this case
5. Select your network pattern from http://www.brekeke-sip.com/bbs/network/ ... terns.html : one
6. Your problem: As recommended in the http://wiki.brekeke.com/wiki/Secure-you ... 18572b83bb i am trying to use "user-agent=friendly-scanner" to return 603 responses, this morning i am testing and i can not get this rule to work. I have wireshark open on the server and I am watching the SIP packets come in with an user-agent of friendly-scanner but i am getting 100 and 407 responses rather than 603. now i removed the rule and checked and getting the same packets with or without the rule in place. I don't think its working with User-agent, I am new to the Brekeke product only been working on it a day or two so I might have missed something simple.
User-agent= not working me thinks
Moderator: Brekeke Support Team
-
NewBrekekeUser
- Posts: 3
- Joined: Fri Sep 30, 2011 5:03 am
- Location: UK
Are these unexpectable packets are saying "friendly-scanner" in their User-Agent header?
If they use another User-Agent name, your DialPlan rule will not work...
Sometime they use "sundayddr" or "Asterisk" as User-Agent.
Also, look at From header. Is it "sipsscuser" or "sipvicious"?
If so, you can use the following DialPlan rule.
----------------------------------------
[Matching Patterns]
From = sipsscuser|sipvicious
[Deploy Patterns]
$response = 603
----------------------------------------
If you have a list of acceptable IP addresses, I recommend that you use the IP address filtering with "allow".
If they use another User-Agent name, your DialPlan rule will not work...
Sometime they use "sundayddr" or "Asterisk" as User-Agent.
Also, look at From header. Is it "sipsscuser" or "sipvicious"?
If so, you can use the following DialPlan rule.
----------------------------------------
[Matching Patterns]
From = sipsscuser|sipvicious
[Deploy Patterns]
$response = 603
----------------------------------------
If you have a list of acceptable IP addresses, I recommend that you use the IP address filtering with "allow".
-
NewBrekekeUser
- Posts: 3
- Joined: Fri Sep 30, 2011 5:03 am
- Location: UK
Good Morning
Sorry for the delay in replying, in answer to your questions
Hope: Yes Friendly Scanner rule is placed at the top of the dial plan, I have opened up the SIP packets in wireshark and copied the user-agent out to make sure that the spelling and formatting are correct, and I have applied the rules a number of times as I have put in other rules since this one and they are working correctly
Redroof: The verison of SIP sipvicious is the latest and I have double checked the name it is coming in with, also for testing I changed the SIP vicious user to something else just to see if that would be picked up (it was not).
On our production machines we use IP address filtering which works well, this is just a side project because i find this stuff interesting.
Sorry for the delay in replying, in answer to your questions
Hope: Yes Friendly Scanner rule is placed at the top of the dial plan, I have opened up the SIP packets in wireshark and copied the user-agent out to make sure that the spelling and formatting are correct, and I have applied the rules a number of times as I have put in other rules since this one and they are working correctly
Redroof: The verison of SIP sipvicious is the latest and I have double checked the name it is coming in with, also for testing I changed the SIP vicious user to something else just to see if that would be picked up (it was not).
On our production machines we use IP address filtering which works well, this is just a side project because i find this stuff interesting.
-
NewBrekekeUser
- Posts: 3
- Joined: Fri Sep 30, 2011 5:03 am
- Location: UK
Direct Copy from the webpage
Reject Sipvicious User-Agent=friendly-scanner $response=603
Copy from an exported dialpla.tbl
"Reject Sipvicious", User-Agent="friendly-scanner";, $response="603", "Reject Sipvicious attempts user agent is friendly-scanner"
"Reject Sipvicious vi", From="SipVicious";, $response="603", "Reject Sipvicious attempts user agent is friendly-scanner"
Reject Sipvicious User-Agent=friendly-scanner $response=603
Copy from an exported dialpla.tbl
"Reject Sipvicious", User-Agent="friendly-scanner";, $response="603", "Reject Sipvicious attempts user agent is friendly-scanner"
"Reject Sipvicious vi", From="SipVicious";, $response="603", "Reject Sipvicious attempts user agent is friendly-scanner"