[Spce-user] catch null useragent in register or invite.

gerry kernan gerry.kernan at infinityit.ie
Mon Feb 15 08:06:17 EST 2016


Hi 
 
I'm using the line in below kamailio-loadbalancer to catch any malicious registers or invites from known malicious UA types. I've noticed recently that we are getting invites and registers without any UA, I'm trying to catch these attempts with 
 
$ua == "<null>"  but I'm not catching them, is the syntax correct ?. all other regex are catching correctly so maybe <null> is incorrect.
 
 
if(is_method("REGISTER|INVITE") && ($ua =~ "^friendly.+" || $ua =~ "^sipvici.+" || $ua =~ "^sipcli.+" || $ua =~ "^VaxSIPUser.+" || $ua == "MizuPhone" || $ua == "voip" || $ua == "<null>"))
        {
                xlog("L_WARN", "Request rejected, malicious UA='$ua' IP='$si' - [% logreq_init -%]\n");
                exit;
 
 
 
 
Gerry Kernan
 
 
Infinity IT   |   17 The Mall   |   Beacon Court   |   Sandyford   |   Dublin D18 E3C8   |   Ireland
Tel:  +353 - (0)1 - 293 0090   |   E-Mail:  gerry.kernan at infinityit.ie
 
Managed IT Services       Infinity IT - www.infinityit.ie
IP Telephony                    Asterisk Consulting - www.asteriskconsulting.com
Contact Centre                Total Interact - www.totalinteract.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20160215/fa51a108/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2681 bytes
Desc: not available
URL: <http://lists.sipwise.com/mailman/private/spce-user_lists.sipwise.com/attachments/20160215/fa51a108/attachment.jpg>


More information about the Spce-user mailing list