Re: Using LUA or some other means to create a "kill" list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



from what I heard over the past week, it looks like there is a sharp
increase in H.323 spam...

I'd suggest to use a authentication policy to block spam and not mix it
into call routing if possible. Authentication happens before the
routing process and is designed to handle exactly this.

We recently used SQLAuth with a client to block a SPAM wave, but
depending on the characteristics of the incoming spam you can also pick
LUA or one of the other authentication policies. See


Jan Willamowius, Founder of the GNU Gatekeeper Project
EMail  : jan@xxxxxxxxxxxxxx

Relaxed Communications GmbH
Frahmredder 91
22393 Hamburg
Geschäftsführer: Jan Willamowius
HRB 125261 (Amtsgericht Hamburg)
USt-IdNr: DE286003584

Robert Kulagowski wrote:
> We've started to get probed from the internet and it's annoying our
> administrative staff, because our VCs will wake up and then the other
> side disconnects. Banning the IPs at the firewall is too labor
> intensive and has too long a turn-around time.
> We're using Routing::Explicit to map a one-to-one external IP to each
> internal system.
> I've currently got a vqueue that I already use to manipulate calls,
> but it seems like the only things I can do is either reject the call,
> route to alias, or route to gateway. The vqueue is deeper in the
> RoutingPolicy and is after Explicit.
> If I configure vqueue first in my routing list, I can appropriately
> setup a dynamic "reject" list (with aging, etc) so that these IPs that
> connect and then immediately disconnect will get rejected before the
> GnuGK starts to proxy the call to the internal system. That's easy. :)
> But if I don't reject the call, how do I get the rest of the
> RoutingPolicy to execute? I don't want to try to get my script to then
> become its own gatekeeper; I'd still like the internal, explicit etc
> rules to trigger if the vqueue script allows the call to proceed. I
> also don't think that I want to set a "1 second" timeout, but if
> that's what I need to do to then I can.
> I've tried to route the call back to GnuGK, but that doesn't seem to
> work. (Setting the alias or gateway as the IP of the GnuGK)


Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [SIP]     [Open H.323]     [Gnu Gatekeeper]     [Asterisk PBX]     [ISDN Cause Codes]     [Yosemite News]

  Powered by Linux