{"id":969,"date":"2016-05-19T18:34:11","date_gmt":"2016-05-19T13:34:11","guid":{"rendered":"http:\/\/alexeyka.zantsev.com\/?p=969"},"modified":"2021-02-28T01:40:36","modified_gmt":"2021-02-27T20:40:36","slug":"acmepacket-go-on-rejecting","status":"publish","type":"post","link":"https:\/\/alexeyka.zantsev.com\/?p=969","title":{"rendered":"AcmePacket: go on rejecting!"},"content":{"rendered":"<p>One more post about rejecting INVITEs.<\/p>\n<p>The task: reject malicious SIP traffic coming from some country to our number. All INVITEs contain a From: header with a 12-digit number starting with 666. They may also contain a plus sign at the beginning, or 810, or +810.<\/p>\n<p>It is also important to set a &#8216;new-value&#8217; parameter containing a status code and SIP description (in the form &#8220;Code:Description&#8221;), as some (or maybe most) PBXes\/softswitches\/proxies go on sending INVITEs if we just do &#8216;action reject&#8217;. Once AcmePacket answers with something like &#8220;403 Forbidden&#8221;, the remote side stops sending endless INVITEs to AcmePacket.<\/p>\n<p><a href=\"https:\/\/alexeyka.zantsev.com\/wp-content\/uploads\/2016\/05\/acme_reject_with_prefix.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-976\" src=\"http:\/\/alexeyka.zantsev.com\/wp-content\/uploads\/2016\/05\/acme_reject_with_prefix.png\" alt=\"acme_reject_with_prefix\" width=\"550\" height=\"350\" \/><\/a><\/p>\n<p>Part of sip-manipulation:<\/p>\n<pre>        header-rule\n                name                                    dropHACKERS\n                header-name                             From\n                action                                  manipulate\n                comparison-type                         pattern-rule\n                msg-type                                any\n                methods                                 INVITE\n                match-value                             \n                new-value  
                             \n                element-rule\n                        name                                    dropHACKERS1\n                        parameter-name                          From\n                        type                                    uri-phone-number-only\n                        action                                  reject\n                        match-val-type                          any\n                        comparison-type                         pattern-rule\n                        match-value                             666[0-9]{9}$\n                        new-value                               403:Forbidden\n<\/pre>\n<p>This is what it looks like after rejecting a malicious INVITE with &#8220;403 Forbidden&#8221;:<br \/>\n<a href=\"https:\/\/alexeyka.zantsev.com\/wp-content\/uploads\/2016\/05\/acme_reject_with_prefix2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-983\" src=\"http:\/\/alexeyka.zantsev.com\/wp-content\/uploads\/2016\/05\/acme_reject_with_prefix2.jpg\" alt=\"acme_reject_with_prefix2\" width=\"500\" height=\"70\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One more post about rejecting INVITEs. The task: reject malicious SIP traffic coming from some country to our number. All INVITEs contain a From: header with a 12-digit number starting with 666. They may also contain a plus sign at the beginning, or 810, or +810. 
It is also important to set a &#8216;new-value&#8217; parameter, containing [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[204,196,195],"class_list":["post-969","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-acme","tag-acme-packet","tag-acmepacket"],"_links":{"self":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts\/969","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=969"}],"version-history":[{"count":12,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts\/969\/revisions"}],"predecessor-version":[{"id":3658,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=\/wp\/v2\/posts\/969\/revisions\/3658"}],"wp:attachment":[{"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=969"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/alexeyka.zantsev.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}