[Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block Useragent Edit
Hohl Matthias
matthias.hohl at telematica.at
Wed Mar 20 19:26:45 EDT 2019
Aah the [] has to be removed first… now it works
Von: Spce-user <spce-user-bounces at lists.sipwise.com> Im Auftrag von Hohl Matthias
Gesendet: Donnerstag, 21. März 2019 00:24
An: 'qabane me' <qabaneitsolutions at gmail.com>
Cc: 'Spce-user' <spce-user at lists.sipwise.com>
Betreff: Re: [Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block Useragent Edit
It looks like there is a problem with the syntax:
block_useragents:
action: drop
enable: yes
mode: blacklist
ua_patterns: []
- friendly-scanner
- friendly-request
- sipvicious
- ^sipcli.+
- sip-scan
- sipsak
- sundayddr
- iWar
- CSipSimple
- SIVuS
- Gulp
- sipv
- smap
- VaxIPUserAgent
- VaxSIPUserAgent
- siparmyknife
- Test Agent
If I try to apply the config I get this:
root at spce:~# ngcpcfg apply "config Anpassung Malicious Call"
2019-03-21 00:22:01 spce: Error: Invalid file syntax in /etc/ngcp-config/config.yml:
YAML::XS::Load Error: The problem:
did not find expected key
was found at document: 1, line: 659, column: 7
while parsing a block mapping at line: 655, column: 7
root at spce:~#
Von: qabane me <qabaneitsolutions at gmail.com <mailto:qabaneitsolutions at gmail.com> >
Gesendet: Mittwoch, 20. März 2019 12:20
An: Hohl Matthias <matthias.hohl at telematica.at <mailto:matthias.hohl at telematica.at> >
Cc: Alex Lutay <alutay at sipwise.com <mailto:alutay at sipwise.com> >; Spce-user <spce-user at lists.sipwise.com <mailto:spce-user at lists.sipwise.com> >
Betreff: Re: [Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block Useragent Edit
Thanks Matthias,
There are a few that I did not have in my list so will add them.
Sadly I have found that more and more they use user agents that look legit. Freepbx, cisco, etc.
On Wed, Mar 20, 2019 at 1:14 PM Hohl Matthias <matthias.hohl at telematica.at <mailto:matthias.hohl at telematica.at> > wrote:
Thanks for the info:
Btw, if anybody need it, here is a list of malicious UA for copy&paste:
ua_patterns: []
- friendly-scanner
- friendly-request
- sipvicious
- ^sipcli.+
- sip-scan
- sipsak
- sundayddr
- iWar
- CSipSimple
- SIVuS
- Gulp
- sipv
- smap
- VaxIPUserAgent
- VaxSIPUserAgent
- siparmyknife
- Test Agent
Von: Spce-user <spce-user-bounces at lists.sipwise.com <mailto:spce-user-bounces at lists.sipwise.com> > Im Auftrag von Alex Lutay
Gesendet: Mittwoch, 20. März 2019 11:47
An: spce-user at lists.sipwise.com <mailto:spce-user at lists.sipwise.com>
Betreff: Re: [Spce-user] Upgrade from 5.5.5 to 6.5.3 - Block Useragent Edit
Hi,
On 3/20/19 11:40 AM, Hohl Matthias wrote:
> Oh okay thank you. In version 6.5.3 I didn’t found this information in
> the handbook 😊
Correct, it is new documentation and has been backported to mr6.5 LTS
already. It will be the part of the next mr6.5 build: mr6.5.4
> Thanks again. BTW: the xlog entry is also there then if something got
> blocked?
You can check it in kamailio tt2 config yourself ;-)
> if([% IF kamailio.proxy.block_useragents.mode == "whitelist" %]![% END %]([% FOREACH item IN kamailio.proxy.block_useragents.ua_patterns -%]$x_hdr(User-Agent) =~ "[% item %]"[% IF kamailio.proxy.block_useragents.ua_patterns.last != item %] || [% END %][% END -%]))
> {
> xlog("L_INFO", "Request rejected, bad UA='$x_hdr(User-Agent)' - [% logreq_init -%]\n");
--
Alex Lutay
_______________________________________________
Spce-user mailing list
Spce-user at lists.sipwise.com <mailto:Spce-user at lists.sipwise.com>
https://lists.sipwise.com/listinfo/spce-user
_______________________________________________
Spce-user mailing list
Spce-user at lists.sipwise.com <mailto:Spce-user at lists.sipwise.com>
https://lists.sipwise.com/listinfo/spce-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190321/ee2bada8/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6564 bytes
Desc: not available
URL: <http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/attachments/20190321/ee2bada8/attachment-0001.p7s>
More information about the Spce-user
mailing list