Re: [SR-Users] dictionary attacks

2010-10-24 Thread Daniel-Constantin Mierla
On 10/24/10 10:53 PM, Alex Balashov wrote: I ran into this too. The documentation is wrong; you need to put a realm in there. For www_authorize(), it's $td. For everything else (proxy_challenge()), it's $fd. I guess git and wiki were not available, so you couldn't update ;-) It turned o

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Alex Balashov
On 10/24/2010 04:44 PM, Sergey Okhapkin wrote: I'm working on the migration of my kamailio.cfg from v1.4 to 3.1 and am stuck with a weird problem: 0(25026) ERROR: auth_db [authdb_mod.c:236]: empty parameter 1 not allowed 0(25026) ERROR: [route.c:1161]: fixing failed (code=-1) at cfg:/usr/local/etc/k

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Sergey Okhapkin
I'm working on the migration of my kamailio.cfg from v1.4 to 3.1 and am stuck with a weird problem: 0(25026) ERROR: auth_db [authdb_mod.c:236]: empty parameter 1 not allowed 0(25026) ERROR: [route.c:1161]: fixing failed (code=-1) at cfg:/usr/local/etc/kamailio/kamailio.cfg.31:433 0(25026) ERROR: [ro

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Daniel-Constantin Mierla
On 10/24/10 10:14 PM, Alex Balashov wrote: On 10/24/2010 03:34 PM, Daniel-Constantin Mierla wrote: what do you mean by outside process? For example, with app_lua, the interpreter is linked to the code, so is no external process, it is like cfg interpreter, just that it resides in a module, n

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Daniel-Constantin Mierla
On 10/24/10 10:12 PM, Sergey Okhapkin wrote: Correction - auth module is merged in 3.1, but auth_db modules are still separate. yes, only auth modules were merged, like I wrote. auth_db functions use return codes and API functions from auth module. Cheers, Daniel On Sunday 24 October 2010,

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Alex Balashov
On 10/24/2010 03:34 PM, Daniel-Constantin Mierla wrote: what do you mean by outside process? For example, with app_lua, the interpreter is linked to the code, so is no external process, it is like cfg interpreter, just that it resides in a module, not in core. Oh, I did not realise it is so p

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Sergey Okhapkin
Correction - auth module is merged in 3.1, but auth_db modules are still separate. On Sunday 24 October 2010, Daniel-Constantin Mierla wrote: > probably omitted by mistake, but please keep the mailing list cc-ed. > > On 10/24/10 3:38 PM, Sergey Okhapkin wrote: > > Note that I check return code o

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Daniel-Constantin Mierla
On 10/24/10 9:17 PM, Alex Balashov wrote: On 10/24/2010 03:16 PM, Daniel-Constantin Mierla wrote: If you use the perl module, then the perl interpreter is embedded, nothing is spawned. Same is with app_lua module and Lua scripts - execution should be very fast. If you invoke other applications

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Alex Balashov
On 10/24/2010 03:16 PM, Daniel-Constantin Mierla wrote: If you use the perl module, then the perl interpreter is embedded, nothing is spawned. Same is with app_lua module and Lua scripts - execution should be very fast. If you invoke other applications via exec() (exec module) then is spawning.

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Daniel-Constantin Mierla
On 10/24/10 8:24 PM, Alex Balashov wrote: On 10/24/2010 12:18 PM, Iñaki Baz Castillo wrote: Of course, the perfect solution would be Kamailio acting as fail2ban. This is, "pike" module inserting dynamic rules in iptables. Opinions? You could spawn a Perl script that does it, but it'd be ki

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Daniel-Constantin Mierla
probably omitted by mistake, but please keep the mailing list cc-ed. On 10/24/10 3:38 PM, Sergey Okhapkin wrote: Note that I check return code of www_authorize to be -1 (invalid user) and block IP in this case only. Other error codes should not block the IP address. This one reminded me that i

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Alex Balashov
On 10/24/2010 12:18 PM, Iñaki Baz Castillo wrote: Of course, the perfect solution would be Kamailio acting as fail2ban. This is, "pike" module inserting dynamic rules in iptables. Opinions? You could spawn a Perl script that does it, but it'd be kind of slow. I think to come up with a good w

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Iñaki Baz Castillo
2010/10/24 Daniel-Constantin Mierla: > Using fail2ban together with IP tables has the advantage of dropping the > packets before getting to application and eating cpu I have a testing platform with Kamailio and fail2ban working more or less as explained in this thread. But I wonder if fail2ban is

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Daniel-Constantin Mierla
I watched live an attack on voipuser.org while running 3.1 before release. It lasted 18 hours. I didn't want to ban it because it was useful for testing and to see if it reveals any weakness. In most of the cases it hit pike module. I got some data and plan to make an article about it soon. Anyhow, as a

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Sergey Okhapkin
I'm second for fail2ban. I block IP addresses with failed registration attempts for 1 hour. Here is my setup: kamailio.cfg: if (is_method("REGISTER")) { if(www_authorize("", "subscriber") < 0) { if($rc == -1) { xlog("L_INFO","Invalid username from $prot

Re: [SR-Users] dictionary attacks

2010-10-24 Thread Uriel Rozenbaum
Juha, I think we should be especially careful about black-lists. We receive many of these attacks on a per-day basis and a lot of them are from residential addresses or university, so I'm guessing some kind of worm or trojan performing the attack from various IPs. If you have the time, try fail2ba