Skip to Content.
Sympa Menu - Re: [] Use of DNS SRV for SIP SP** prevention

Subject: SIP in higher education

List archive

Re: [] Use of DNS SRV for SIP SP** prevention

Chronological Thread 
  • From: Christian Schlatter <>
  • To:
  • Subject: Re: [] Use of DNS SRV for SIP SP** prevention
  • Date: Fri, 21 Jul 2006 00:28:08 -0400

Candace Holman wrote:
Here is the archived mail that discusses John Todd's idea for use of DNS SRV records for domain-authentication-based SIP spam prevention. The proof of concept Asterisk script is listed at the end of the email. If anyone would like to embellish/optimize the script or apply to SER, please consider posting your efforts back to the mailing list.

I did a quick test using John's script with OpenSER. It can be very easily integrated:

At the end of the script I added

# If you are running Asterisk and want to use this script as an AGI,
# just comment out the first "echo" line below and uncomment the
# Asterisk AGI "SET VARIABLE" line to replace it.
echo $match

# ---- NEW: return value for OpenSER ----
if [ -n "$match" ]; then
exit 0
exit -1
# ---------------------------------------

# end

One can then call the script in the OpenSER config like (assuming that the script is at /opt/checksrv):

if (!method=="REGISTER") {
# authenticate requests coming from local endpoints
if (from_uri==myself) {
if (!proxy_authorize("", "subscriber")) {
proxy_challenge("", "0");
} else {
# does the source IP match one of the From URI domain SRV records
# (only done for SIP requests from foreign domains)
if (!exec_msg("/opt/checksrv -v '$fd' '$si' >> /opt/checksrv.log")){
xlog("L_INFO", "checksrv FAILED\n");
# check failed, e.g. send call to IVR
} else {
xlog("L_INFO", "checksrv PASSED\n");
# from uri domain checked

/opt/checksrv.log includes checksrv's output. This only works with OpenSER > 1.0.1 and only _sip._udp SRV records are checked. For better performance the SRV check should be done in an OpenSER C module.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Archive powered by MHonArc 2.6.16.

Top of Page