SIP Register Filtering

From TBwiki
Jump to: navigation, search


Contents

SIP Register Filtering

The SIP Register Filtering feature allows monitoring of SIP registration messages and manipulation of the SIP registration flow. It could be used to protect the system against fraudulent SIP registration requests (i.e. as a scanner protection mechanism).

SIP Register Filtering configuration contains a list of rules to verify when receiving a SIP registration message. Each rule contains a list of conditions and a list of actions. Each SIP registration messages are verified against the SIP Register Filtering rule conditions. When a SIP registration message matches the conditions of a SIP Register Filtering rule, the actions of the rule get executed.

SIP Register Filtering Rules

The SIP Register Filtering rules are divides into 2 categories:

  • Inbound Rules:
Rules that applies to SIP registration messages coming from a User-Agent.
  • Outbound Rules:
Rules that applies to SIP registration messages coming from a registrar.


A SIP Register Filtering rule contains multiple conditions that could be ORed or ANDed. The logical combinaison of the conditions matching test decides whether or not to execute actions of the rule. When a SIP message matches a rule, depending on the type of action and the rule Continue option, SIP Register Filtering may not continue with next rule of the list after execution of current rule actions.

SIP Register Filtering Rule Conditions

The mandatory SIP Register Filtering rule condition fields are:

  • Operand
  • Operator
  • Value

Optionaly, the rule condition may contain a Header Type field identifier depending on selected Operand (i.e. when Operand selection is Header).

Operand

There is three types of supported Operands:

  • Request-Line
The Request-Line operand type refers to the first line of a SIP register request message.
  • Status-Line:
The Status-Line operand type refers to the first line of a SIP register response message.
  • Header:
The Header operand type refers to a specific header of a SIP register message identified by the Header Type field.

Value

The Value field contains the value or a regular expression to compare or match against the Operand applying the selected Operator.

Operator

Here is the list of supported Operators:

  • equal:
The equal operator is verifying if Value field is equal to the identified Operand (i.e. compares all characters of the Operand to Value).
  • not_equal:
The not_equal operator is verifying if Value field is not equal to the identified Operand (i.e. compares all characters of the Operand to Value).
  • matches_regex:
The matches_regex operator is verifying if Value field regular expression matches the selected Operand.
  • does_not_match_regex:
The does_not_match_regex operator is verifying if Value field regular expression does not match the selected Operand.
  • begins_with:
The begins_with operator is verifying if Value field appears at the beginning of the selected Operand.
  • does_not_begin_with:
The does_not_begin_with operator is verifying if Value field does not appear at the beginning of the selected Operand.
  • contains:
The contains operator is verifying if Value field appears in the selected Operand at any position.
  • does_not_contain:
The does_not_contains operator is verifying if Value field does not appear in the selected Operand at any position.

Header Type

Here is the list of supported Header Types:

  • Authorization
  • Call-ID
  • Contact
  • Content-Length
  • CSeq
  • Expires
  • From
  • Max-Forwards
  • Min-Expires
  • Route
  • To
  • User-Agent
  • Via

These Header Types are used to identify which header in the SIP message to verify when selected Operand is Header in the rule condition.

SIP Register Filtering Rule Actions

The SIP Register Filtering Rule Action are executed when the rule conditions are meet. The action could be a final action. This mean that selected action does not allowed futher processing on the SIP register message. When it is not a final action then depending on the rule Continue field setting, the SIP Register Filtering processing will continue or not with the next rule in the list.

There is three types of actions:

  • Pass
  • Reject
  • Drop

Pass

The Pass action is not modifying the SIP registration flow. The statistics counters get updated. This allow watching of the SIP registration flow without intervention on the SIP registration flow.

Reject

The Reject action is modifying the SIP registration flow. The Reject action is a final action and is allowed only as an Inbound rule action (i.e. on on SIP register request). The SIP register request gets rejected immediately by returning a SIP response message containing the specified Response Code and Reason Phrase. The Response Code and the Reason Phrase of a Reject action will appear in the Status-Line and the Reason header of the SIP response message sent back to User-Agent.

Drop

The Drop action is modifying the SIP registration flow. The Drop action is also a final action and is allowed as an Inbound or Outbound rule action. The SIP register request and/or response message gets silently dropped immediately.

Configuration

Example configuration

In this example we want to allow only registrations with users 1001 to 1199.
A new Inbound rule is created for the REGISTER method.
Sample_register_filtering_1.png

Then a new condition with the "To:" SIP header and Operator "does_not_match_regex". The regex for 1001 to 1199 can be this: ":1(0|1)..@"
Sample_register_filtering_2.png
You can also use these other examples:

Pass from 1000 to 1003 ->  :100(0|1|2|3)@
Pass from 1000 to 1009 ->  :(100.)@

Then create an action to Reject (or Drop) the request:
Sample_register_filtering_3.png

Personal tools