<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Century Gothic";
        panose-1:2 11 5 2 2 2 2 2 2 4;}
@font-face
        {font-family:"Lucida Console";
        panose-1:2 11 6 9 4 5 4 2 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
        {font-family:Verdana;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        color:black;
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0cm;
        mso-margin-bottom-alt:auto;
        margin-left:0cm;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        color:black;
        mso-fareast-language:EN-US;}
pre
        {mso-style-priority:99;
        mso-style-link:"HTML Preformatted Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:10.0pt;
        font-family:"Courier New";
        color:black;
        mso-fareast-language:EN-IE;}
span.EmailStyle19
        {mso-style-type:personal;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
span.HTMLPreformattedChar
        {mso-style-name:"HTML Preformatted Char";
        mso-style-priority:99;
        mso-style-link:"HTML Preformatted";
        font-family:Consolas;
        color:black;
        mso-fareast-language:EN-US;}
span.EmailStyle22
        {mso-style-type:personal-reply;
        font-family:"Calibri",sans-serif;
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-IE link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Hi Barry and Daniel<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Thanks for your quick responses .<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><b><span lang=NL style='font-size:12.0pt;font-family:"Century Gothic",sans-serif;color:#4D4D4D;mso-fareast-language:EN-IE'>Gerry Kernan</span></b><span lang=NL style='font-size:12.0pt;font-family:"Century Gothic",sans-serif;color:#4D4D4D;mso-fareast-language:EN-IE'><o:p></o:p></span></p><p class=MsoNormal><span lang=NL style='font-size:10.0pt;font-family:"Century Gothic",sans-serif;color:gray;mso-fareast-language:EN-IE'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Century Gothic",sans-serif;color:gray;mso-fareast-language:EN-IE'><img width=172 height=51 id="_x0000_i1026" src="cid:image001.jpg@01D167F3.44E27260" alt="cid:image001.jpg@01D105A5.2701B0E0"><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Century Gothic",sans-serif;color:gray;mso-fareast-language:EN-IE'><o:p> </o:p></span></p><p class=MsoNormal style='line-height:115%'><b><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#4D4D4D;mso-fareast-language:EN-IE'>Infinity IT   |   17 The Mall   |   Beacon Court   |   Sandyford   |   Dublin D18 E3C8   |   Ireland<o:p></o:p></span></b></p><p class=MsoNormal style='line-height:115%'><b><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#4D4D4D;mso-fareast-language:EN-IE'>Tel:  +353 - (0)1 - 293 0090   |   E-Mail:  </span></b><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#1F497D;mso-fareast-language:EN-IE'><a href="mailto:gerry.kernan@infinityit.ie">gerry.kernan@infinityit.ie</a></span><b><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:red;mso-fareast-language:EN-IE'><o:p></o:p></span></b></p><p class=MsoNormal style='line-height:115%'><b><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:red;mso-fareast-language:EN-IE'><o:p> </o:p></span></b></p><p class=MsoNormal style='line-height:115%'><b><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:red;mso-fareast-language:EN-IE'>Managed IT Services<u>       </u>Infinity IT</span></b><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:red;mso-fareast-language:EN-IE'> </span><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#4D4D4D;mso-fareast-language:EN-IE'>- </span><span style='font-size:12.0pt;line-height:115%;color:#1F497D;mso-fareast-language:EN-IE'><a href="http://www.infinityit.ie/"><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif'>www.infinityit.ie</span></a></span><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#4D4D4D;mso-fareast-language:EN-IE'><o:p></o:p></span></p><p class=MsoNormal style='line-height:115%'><b><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#767171;mso-fareast-language:EN-IE'>IP Telephony<u>                    </u>Asterisk Consulting</span></b><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#767171;mso-fareast-language:EN-IE'> </span><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#4D4D4D;mso-fareast-language:EN-IE'>– </span><span style='font-size:12.0pt;line-height:115%;color:#1F497D;mso-fareast-language:EN-IE'><a href="http://www.asteriskconsulting.com"><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif'>www.asteriskconsulting.com</span></a></span><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#4D4D4D;mso-fareast-language:EN-IE'><o:p></o:p></span></p><p class=MsoNormal style='line-height:115%'><b><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#FF8A15;mso-fareast-language:EN-IE'>Contact Centre<u>                </u>Total Interact</span></b><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#FFC000;mso-fareast-language:EN-IE'> </span><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#4D4D4D;mso-fareast-language:EN-IE'>– </span><span style='font-size:12.0pt;line-height:115%;color:#1F497D;mso-fareast-language:EN-IE'><a href="http://www.totalinteract.com"><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif'>www.totalinteract.com</span></a></span><span style='font-size:10.0pt;line-height:115%;font-family:"Century Gothic",sans-serif;color:#4D4D4D;mso-fareast-language:EN-IE'><o:p></o:p></span></p></div><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='color:windowtext;mso-fareast-language:EN-IE'>From:</span></b><span lang=EN-US style='color:windowtext;mso-fareast-language:EN-IE'> Spce-user [mailto:spce-user-bounces@lists.sipwise.com] <b>On Behalf Of </b>Daniel Grotti<br><b>Sent:</b> Monday 15 February 2016 13:15<br><b>To:</b> spce-user@lists.sipwise.com<br><b>Subject:</b> Re: [Spce-user] catch null useragent in register or invite.<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'>Hi Gerry,<br>please try this in kamilio/proxy/kamailio.cfg it works for me.<br>For the null, try to check <span style='font-size:10.0pt;font-family:"Lucida Console",serif'>$ua == $null:</span><br><br><br>if( is_method("REGISTER|INVITE") && $sp != "5080" && !has_totag() )<br>        {<br>                if(<span style='font-size:10.0pt;font-family:"Lucida Console",serif'>$ua =~ "^friendly.+" || $ua =~ "^sipvici.+" || $ua =~ "^sipcli.+" || $ua =~ "^VaxSIPUser.+" || $ua == "MizuPhone" || $ua == "voip" || $ua == $null</span> )<br>                {<br>                        xlog("L_NOTICE", "UA='$ua' rejected - S=$rs SS='$rr' M=$rm R=$ru F=$fu T=$tu IP=$pr:$si:$sp UAIP=$si UA='$ua' ID=$ci \n");<br>                        exit;<br>                }<br>        }<br>        ##end<br><br><br><br>I would be careful for the $null, cause you may reject good messages, just without User-Agent header.<br><br><br><br><span style='font-size:12.0pt;mso-fareast-language:EN-IE'><o:p></o:p></span></p><div><div style='border-top:dotted #AEB1A6 1.0pt;border-left:none;border-bottom:dotted #AEB1A6 1.0pt;border-right:none;padding:6.0pt 0cm 6.0pt 0cm;margin-top:4.5pt;margin-bottom:4.5pt'><p class=MsoNormal style='line-height:12.0pt'><strong><span style='font-size:7.5pt;font-family:"Verdana",sans-serif;color:#333333;text-transform:uppercase'>Daniel Grotti </span></strong><span style='font-size:8.5pt;font-family:"Verdana",sans-serif;color:#555555'><br>Head of Customer Support <o:p></o:p></span></p><p style='line-height:12.0pt'><span style='font-size:8.5pt;font-family:"Verdana",sans-serif;color:#555555'><a href="http://www.sipwise.com">Sipwise GmbH </a>, Campus 21/Europaring F15<br>AT-2345 Brunn am Gebirge <o:p></o:p></span></p><p style='line-height:12.0pt'><span style='font-size:8.5pt;font-family:"Verdana",sans-serif;color:#555555'>Phone:  <a href="callto:+4313012032">+43(0)1 301 2032 </a><br>Email:  <a href="mailto:dgrotti@sipwise.com">dgrotti@sipwise.com </a><br>Website:  <a href="http://www.sipwise.com">www.sipwise.com </a><o:p></o:p></span></p><p style='line-height:12.0pt'><span style='font-size:8.5pt;font-family:"Verdana",sans-serif;color:#555555'>Particulars according Austrian Companies Code paragraph 14<br>"Sipwise GmbH" - Europaring F15 - 2345 Brunn am Gebirge<br>FN:305595f, Commercial Court Vienna, ATU64002206 <o:p></o:p></span></p></div></div><div><p class=MsoNormal>On 02/15/2016 02:06 PM, gerry kernan wrote:<span style='font-size:12.0pt;font-family:"Times New Roman",serif'><o:p></o:p></span></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal>Hi <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>I’m using the line in below kamailio-loadbalancer to catch any malicious registers or invites from known malicious UA types. I’ve noticed recently that we are getting invites and registers without any UA, I’m trying to catch these attempts with <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Lucida Console",serif'>$ua == "<null>"  but I’m not catching them, is the syntax correct ?. all other regex are catching correctly so maybe <null> is incorrect.</span><o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console",serif'>if(is_method("REGISTER|INVITE") && ($ua =~ "^friendly.+" || $ua =~ "^sipvici.+" || $ua =~ "^sipcli.+" || $ua =~ "^VaxSIPUser.+" || $ua == "MizuPhone" || $ua == "voip" || $ua == "<null>"))</span><o:p></o:p></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console",serif'>        {</span><o:p></o:p></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console",serif'>                xlog("L_WARN", "Request rejected, malicious UA='$ua' IP='$si' - [% logreq_init -%]\n");</span><o:p></o:p></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:10.0pt;font-family:"Lucida Console",serif'>                exit;</span><o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><b><span lang=NL style='font-size:12.0pt'>Gerry Kernan</span></b><o:p></o:p></p><p class=MsoNormal><span lang=NL style='font-size:10.0pt'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt'><img border=0 width=172 height=51 id="Picture_x0020_3" src="cid:image001.jpg@01D167F3.44E27260" alt="cid:image001.jpg@01D105A5.2701B0E0"></span><o:p></o:p></p><p class=MsoNormal><span style='font-size:10.0pt'> </span><o:p></o:p></p><p class=MsoNormal style='line-height:115%'><b><span style='font-size:10.0pt;line-height:115%'>Infinity IT   |   17 The Mall   |   Beacon Court   |   Sandyford   |   Dublin D18 E3C8   |   Ireland</span></b><o:p></o:p></p><p class=MsoNormal style='line-height:115%'><b><span style='font-size:10.0pt;line-height:115%'>Tel:  +353 - (0)1 - 293 0090   |   E-Mail:  </span></b><span style='font-size:10.0pt;line-height:115%;color:#0563C1'><a href="mailto:gerry.kernan@infinityit.ie">gerry.kernan@infinityit.ie</a></span><o:p></o:p></p><p class=MsoNormal style='line-height:115%'><b><span style='font-size:10.0pt;line-height:115%'> </span></b><o:p></o:p></p><p class=MsoNormal style='line-height:115%'><b><span style='font-size:10.0pt;line-height:115%'>Managed IT Services<u>       </u>Infinity IT</span></b><span style='font-size:10.0pt;line-height:115%'> - </span><span style='font-size:10.0pt;line-height:115%;mso-fareast-language:EN-IE'><a href="http://www.infinityit.ie">www.infinityit.ie</a></span><o:p></o:p></p><p class=MsoNormal style='line-height:115%'><b><span style='font-size:10.0pt;line-height:115%'>IP Telephony<u>                    </u>Asterisk Consulting</span></b><span style='font-size:10.0pt;line-height:115%'> – </span><span style='font-size:10.0pt;line-height:115%;mso-fareast-language:EN-IE'><a href="http://www.asteriskconsulting.com">www.asteriskconsulting.com</a></span><o:p></o:p></p><p class=MsoNormal style='line-height:115%'><b><span style='font-size:10.0pt;line-height:115%'>Contact Centre<u>                </u>Total Interact</span></b><span style='font-size:10.0pt;line-height:115%'> – </span><span style='font-size:10.0pt;line-height:115%;mso-fareast-language:EN-IE'><a href="http://www.totalinteract.com">www.totalinteract.com</a></span><o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:EN-IE'><br><br><br><o:p></o:p></span></p><pre>_______________________________________________<o:p></o:p></pre><pre>Spce-user mailing list<o:p></o:p></pre><pre><a href="mailto:Spce-user@lists.sipwise.com">Spce-user@lists.sipwise.com</a><o:p></o:p></pre><pre><a href="https://lists.sipwise.com/listinfo/spce-user">https://lists.sipwise.com/listinfo/spce-user</a><o:p></o:p></pre></blockquote><p class=MsoNormal><span style='font-size:12.0pt;font-family:"Times New Roman",serif;mso-fareast-language:EN-IE'><o:p> </o:p></span></p></div></body></html>