[Spce-user] Disable calls after midnight...
Martin Wong
martin.wong at binaryelements.com.au
Wed Apr 30 18:44:47 EDT 2014
Hi Lorenzo, the attacks are not to our servers. It's more on the client's
PBXes etc which we don't control which is the issue. Even with Fraud
Protection and education to end users, there's still times when losses are
incurred and are difficult to get back. It's more time consuming to even
find out what happened and push the blame here and there.
Considering that it's always in the midnights/early hours etc where no one
is actively monitoring systems that things occur, we want to just ban the
call outs say to foreign DIDs for the clients who agree.
We thought about updating say iptables at night to stop sip traffic for
example, but that would send alarm bells ringing on monitored systems so
not good.
ᐧ
If you can direct me in someway of how to start this off, we can try it
out. One personal failure is that I'm not proficient enough in Kamailio to
hack it. I know it's not a very good option to "hard code" it in but it'll
be good if we can manage it via another MYSQL table or something.
Thanks
Martin
On Thu, May 1, 2014 at 8:33 AM, Lorenzo Mangani
<lorenzo.mangani at gmail.com>wrote:
> Martin,
>
> That's understandable - If you're willing to resort to "hacks" which would
> potentially impact other functional aspects, then surely you can
> achieve/hardcode this in quite a few ways internally but I'll myself avoid
> giving advice on an approach would not endorse - and probably neither would
> users in case of emergencies ;)
> If you really, really want to blackout services (or certain service) you
> might also just address this from a network interface perspective and
> transparently to the elements. If your hack attempts consist of scanning
> attacks, maybe you can pull some info from the other threads today (or in
> the archive) where ideas on how to enforce further banning rules were
> discussed.
>
>
>
>
> Lorenzo Mangani
>
> HOMER DEV TEAM
> QXIP - Capture Engineering
> Desk: +1 (202) 470-5312
> Mobile: +31 6 4603-2730
>
>
>
>
> On Thu, May 1, 2014 at 12:12 AM, Martin Wong <
> martin.wong at binaryelements.com.au> wrote:
>
>> Hi Lorenzo, thanks for the link.
>>
>> Was looking for a hack in Kamailio to do this? Adding another component
>> into the picture is a bit of a hassle.
>>
>> Thanks
>>
>> Martin
>>
>> On Thu, May 1, 2014 at 1:59 AM, Lorenzo Mangani <
>> lorenzo.mangani at gmail.com> wrote:
>>
>>> Martin,
>>>
>>> You could use something like OS-Prey and set null routes for certain
>>> time ranges.
>>> http://www.transnexus.com/index.php/osprey
>>>
>>> Best,
>>>
>>> Lorenzo Mangani
>>>
>>> HOMER DEV TEAM
>>> QXIP - Capture Engineering
>>> Desk: +1 (202) 470-5312
>>> Mobile: +31 6 4603-2730
>>>
>>>
>>>
>>>
>>> On Wed, Apr 30, 2014 at 5:25 PM, Martin Wong <
>>> martin.wong at binaryelements.com.au> wrote:
>>>
>>>> Hi Daniel,
>>>>
>>>> was thinking ... if I can set it so that we can do a rule like
>>>>
>>>> disable calls for all subscribers except a,b,c....
>>>>
>>>> a,b,c being manually controlled.
>>>>
>>>> Not sure if time can be also managed (group 1, group 2 etc).
>>>>
>>>> I guess I can start simple and then figure out how to group subscribers
>>>> and active times.
>>>>
>>>> On Thu, May 1, 2014 at 12:37 AM, Daniel Grotti <dgrotti at sipwise.com>wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> do you want to disable calls on your platform or do you want to disable
>>>>> calls to/from certain peers/subscribers ?
>>>>>
>>>>> Daniel
>>>>>
>>>>>
>>>>>
>>>>> On 04/30/2014 04:30 PM, Martin Wong wrote:
>>>>> > Hi guys,
>>>>> >
>>>>> > is there a hack where I can disable any calls matching foreign calls
>>>>> or
>>>>> > subscribers after midnight?
>>>>> >
>>>>> > Just a thought as we do have a lot of issues with customer end points
>>>>> > getting hacked (we don't manage them). Fraud protection works but it
>>>>> > happens too much too often that it still amounts to something.
>>>>> >
>>>>> > Thanks
>>>>> >
>>>>> > Martin
>>>>> > ᐧ
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > Spce-user mailing list
>>>>> > Spce-user at lists.sipwise.com
>>>>> > http://lists.sipwise.com/listinfo/spce-user
>>>>> >
>>>>>
>>>>> _______________________________________________
>>>>> Spce-user mailing list
>>>>> Spce-user at lists.sipwise.com
>>>>> http://lists.sipwise.com/listinfo/spce-user
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Spce-user mailing list
>>>> Spce-user at lists.sipwise.com
>>>> http://lists.sipwise.com/listinfo/spce-user
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20140501/3da779cc/attachment-0001.html>
More information about the Spce-user
mailing list