{"id":578,"date":"2017-11-14T05:02:41","date_gmt":"2017-11-13T22:02:41","guid":{"rendered":"http:\/\/www.otakudang.org\/?p=578"},"modified":"2017-11-14T05:14:36","modified_gmt":"2017-11-13T22:14:36","slug":"tips-menambah-rule-blocking-unauthorized-call-attempt-di-kamailio","status":"publish","type":"post","link":"https:\/\/www.otakudang.org\/?p=578","title":{"rendered":"[TIPS] Adding a Rule to Block Unauthorized Call Attempts in Kamailio"},"content":{"rendered":"<p>One morning I woke up hungry. While eating, I opened Homer Capture Server and found a large number of unauthorized call log entries like this:<\/p>\n<p><a href=\"http:\/\/www.otakudang.org\/wp-content\/uploads\/2017\/11\/unauthorized-calls-1.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-581\" src=\"http:\/\/www.otakudang.org\/wp-content\/uploads\/2017\/11\/unauthorized-calls-1.jpg\" alt=\"\" width=\"1270\" height=\"628\" srcset=\"https:\/\/www.otakudang.org\/wp-content\/uploads\/2017\/11\/unauthorized-calls-1.jpg 1270w, https:\/\/www.otakudang.org\/wp-content\/uploads\/2017\/11\/unauthorized-calls-1-300x148.jpg 300w, https:\/\/www.otakudang.org\/wp-content\/uploads\/2017\/11\/unauthorized-calls-1-768x380.jpg 768w, https:\/\/www.otakudang.org\/wp-content\/uploads\/2017\/11\/unauthorized-calls-1-1024x506.jpg 1024w\" sizes=\"auto, (max-width: 1270px) 100vw, 1270px\" \/><\/a><\/p>\n<p>Clicking into the <em>CallID<\/em> detail:<\/p>\n<p><a href=\"http:\/\/www.otakudang.org\/wp-content\/uploads\/2017\/11\/unauthorized-calls-01.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-582\" src=\"http:\/\/www.otakudang.org\/wp-content\/uploads\/2017\/11\/unauthorized-calls-01.png\" alt=\"\" width=\"1314\" height=\"644\" srcset=\"https:\/\/www.otakudang.org\/wp-content\/uploads\/2017\/11\/unauthorized-calls-01.png 1314w, https:\/\/www.otakudang.org\/wp-content\/uploads\/2017\/11\/unauthorized-calls-01-300x147.png 300w, 
https:\/\/www.otakudang.org\/wp-content\/uploads\/2017\/11\/unauthorized-calls-01-768x376.png 768w, https:\/\/www.otakudang.org\/wp-content\/uploads\/2017\/11\/unauthorized-calls-01-1024x502.png 1024w\" sizes=\"auto, (max-width: 1314px) 100vw, 1314px\" \/><\/a><\/p>\n<p>The anti-flood module <em>pike.so<\/em> is actually already in place, but it bothers me to see requests like this still make it into the log. So I added the following rule to the Kamailio SIP server:<\/p>\n<p>In the main <em>route<\/em> block:<\/p>\n<pre>\r\nroute{\r\n    ...\r\n    # block first, check later\r\n    route(SECURITY_CHECKS);\r\n    ...\r\n}<\/pre>\n<p>Then in the <em>subroute<\/em>:<\/p>\n<pre># block first, check later.\r\nroute[SECURITY_CHECKS] \r\n{\r\n    if (is_method(\"INVITE|REGISTER\")) {\r\n        if($ua =~ \"(friendly-scanner|sipvicious)\") {\r\n            xlog(\"L_INFO\",\"Scanner dari  $si. \");\r\n            exit;\r\n        }\r\n\r\n        # $fU value 'trunk' seen in Homer:\r\n        if($fU =~ \"(trunk)\") {\r\n            xlog(\"L_INFO\",\"calls attempt from bogus $si . Blocked! Tanpa tabayyun!\");\r\n            exit;\r\n        }\r\n    }\r\n}<\/pre>\n<p>The rule above drops the transaction when it finds a <em>User Agent<\/em> value of <em>friendly-scanner<\/em> or <em>sipvicious<\/em>. It also blocks the <em>from user<\/em> in the SIP packet's <em>FROM<\/em> header named &#8220;<em>trunk<\/em>&#8221;, which had just turned up in the Homer log.<\/p>\n<p>After that, just reload Kamailio and wait for the result; sure enough, these entries showed up in the log right away:<\/p>\n<pre>\r\nNov 14 04:44:36 ss kamailio[11188]: INFO:  calls attempt from bogus 185.107.83.130 . Blocked! Tanpa tabayyun!\r\nNov 14 04:50:10 ss kamailio[11171]: INFO:  calls attempt from bogus 185.107.83.132 . Blocked! Tanpa tabayyun!\r\nNov 14 05:04:19 ss kamailio[11172]: INFO:  calls attempt from bogus 185.107.83.130 . Blocked! 
Tanpa tabayyun!\r\n<\/pre>\n<p>To take this further, that log line can be added to a fail2ban regex, so that once it has appeared a certain number of times the source is blocked permanently. I won't cover that here for now; maybe another day.<\/p>\n<p>If the variables $fU, $si, $ua and so on are unfamiliar, they are Kamailio pseudo-variables; the full list is available at:<\/p>\n<p style=\"padding-left: 30px;\"><a href=\"https:\/\/www.kamailio.org\/wiki\/cookbooks\/4.2.x\/pseudovariables\">https:\/\/www.kamailio.org\/wiki\/cookbooks\/4.2.x\/pseudovariables<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One morning I woke up hungry. While eating, I opened Homer Capture Server and found a large number of unauthorized call log entries like this: Clicking into the CallID detail: The anti-flood module pike.so is actually already in place, but it bothers me to see requests like this still make it into the log. So I added the following rule to the Kamailio SIP server: In the main route block: route{ &#8230; # block first, &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.otakudang.org\/?p=578\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;[TIPS] Adding a Rule to Block Unauthorized Call Attempts in 
Kamailio&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-578","post","type-post","status-publish","format-standard","hentry","category-telephony","entry"],"_links":{"self":[{"href":"https:\/\/www.otakudang.org\/index.php?rest_route=\/wp\/v2\/posts\/578","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otakudang.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otakudang.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otakudang.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otakudang.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=578"}],"version-history":[{"count":7,"href":"https:\/\/www.otakudang.org\/index.php?rest_route=\/wp\/v2\/posts\/578\/revisions"}],"predecessor-version":[{"id":589,"href":"https:\/\/www.otakudang.org\/index.php?rest_route=\/wp\/v2\/posts\/578\/revisions\/589"}],"wp:attachment":[{"href":"https:\/\/www.otakudang.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=578"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otakudang.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=578"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otakudang.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=578"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}