
Protecting Asterisk against an attack on an 8-800 number

After reading this article I realized, to my horror, that we are in no way protected from such an attack, and that we could easily be hit for 10-20 thousand rubles a day. I decided to fix that. I knocked together a quick protective script; maybe it will come in handy for someone...

System preparation
The script is written in PHP and uses SQLite3 to store its data, so you need to install php-cli and php5-sqlite3.
In my case the system runs on Ubuntu, so I install them with:

    sudo apt-get install php5-cli php5-sqlite


The script itself
The principle is this. The script is passed the caller's phone number. It records the number in the database, checks how many times that number has already called, and compares the count with the rules (they are set at the top of the script). If a limit is exceeded it returns the word 'stop', otherwise it returns 'continue'.
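
    <?php
    // Rules: window in seconds => maximum number of calls allowed in that window
    $rules = array(
        60   => 2,   // no more than 2 calls per minute (60 seconds)
        3600 => 10   // no more than 10 calls per hour (3600 seconds)
    );

    if (!isset($argv[1]) || $argv[1] === '')
        die("please use: '" . $argv[0] . " phone_number' \nfor example: " . $argv[0] . " 88121234567\n");

    // Open the database and create the table if it does not exist yet
    $db = new SQLite3('/tmp/sqlite.db');
    $db->exec('CREATE TABLE IF NOT EXISTS logs (phone bigint(12), datetime int(12))');

    // Keep only the digits of the number and log this call
    $phone = preg_replace('/[^0-9]/', '', $argv[1]);
    $db->exec("INSERT INTO logs (phone, datetime) VALUES ( '" . $phone . "','" . time() . "' )");

    foreach ($rules as $secs => $limit) {
        $res = $db->query("SELECT count(*) as `c` FROM logs WHERE `phone` = '" . $phone . "' AND `datetime` >= " . (time() - $secs));
        $row = $res->fetchArray();
        // Compare the number of calls in this window with the limit
        if ($row['c'] > $limit) {
            die('stop'); // return stop: the limit is exceeded
        }
    }

    // Limits not exceeded: delete records older than the longest window
    $max_period = max(array_keys($rules));
    $db->exec("DELETE FROM logs WHERE `datetime` < " . (time() - $max_period));

    // return continue
    die('continue');
    ?>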


Connect to Asterisk
It is important to run the script in the very first lines of the extension, before calling the Answer() command or any other command that picks up ("answers") the line.

    exten => 8800XXXXXXX,1,Set(resp=${SHELL(php /home/scripts/antiddos.php ${FILTER(0-9A-Za-z,${CALLERID(num)})})});
    exten => 8800XXXXXXX,2,Gosubif($[${resp}==stop]?${EXTEN},${MATH(${PRIORITY}+1,int)}:${EXTEN},${MATH(${PRIORITY}+2,int)});
    exten => 8800XXXXXXX,3,HangUp();
    exten => 8800XXXXXXX,4,Answer();
    ...


Let's go through the dialplan line by line:
1) Set(resp=${SHELL(php /home/scripts/antiddos.php ${FILTER(0-9A-Za-z,${CALLERID(num)})})});
Call the script and assign to the variable resp the value that the script printed to the console. The caller ID is chosen by the caller and ends up on a shell command line, so it is passed through FILTER() first, which keeps only letters and digits and drops shell metacharacters; the script then strips everything except digits.
2) Gosubif($[${resp}==stop]?${EXTEN},${MATH(${PRIORITY}+1,int)}:${EXTEN},${MATH(${PRIORITY}+2,int)});
If the value is 'stop', go to the next priority of the current extension, where the HangUp() command awaits us;
otherwise skip one line and carry on with the rest of the dialplan.

What happens in the end.
If the limit is not exceeded, we get the following SIP session:
    SIP provider          me
       INVITE    =>
                 <=    Trying
                 <=    OK
       ACK       =>

So everything is ok, billing has begun.

If we do HangUp(), then the SIP session is:
    SIP provider          me
       INVITE    =>
                 <=    Trying
                 <=    DECLINE
       ACK       =>


Decline means that the called party rejected the incoming call. Billing should not start, because there was no conversation and the session has ended.

UPD:
If the attack comes from anonymous numbers, you can slightly modify the script and set a limit for numbers hidden by anti-caller-ID ...
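
One way to make the modification mentioned in the UPD, as an added example that is not the author's code: calls whose caller ID contains no digits share a single bucket with its own limits. The bucket key 'anonymous', the values in $anonRules and the function check_call() are assumptions; the queries are also switched to prepared statements.

```php
<?php
// Added example, not the author's script. Assumptions: the shared bucket key
// 'anonymous', the limits in $anonRules and the function name check_call().
$rules     = array(60 => 2, 3600 => 10);   // per-number limits from the article
$anonRules = array(60 => 5, 3600 => 30);   // assumed limits shared by all hidden-number callers

function check_call(SQLite3 $db, $rawNumber, array $rules, array $anonRules, $now)
{
    $digits = preg_replace('/[^0-9]/', '', (string)$rawNumber);
    // A withheld caller ID typically arrives empty or as a word such as
    // "anonymous", so no digits survive: count all such calls in one bucket.
    $key    = ($digits === '') ? 'anonymous' : $digits;
    $active = ($digits === '') ? $anonRules : $rules;

    $db->exec('CREATE TABLE IF NOT EXISTS logs (phone TEXT, datetime INTEGER)');
    $ins = $db->prepare('INSERT INTO logs (phone, datetime) VALUES (:p, :t)');
    $ins->bindValue(':p', $key, SQLITE3_TEXT);
    $ins->bindValue(':t', $now, SQLITE3_INTEGER);
    $ins->execute();

    $verdict = 'continue';
    foreach ($active as $secs => $limit) {
        $q = $db->prepare('SELECT count(*) FROM logs WHERE phone = :p AND datetime >= :since');
        $q->bindValue(':p', $key, SQLITE3_TEXT);
        $q->bindValue(':since', $now - $secs, SQLITE3_INTEGER);
        $row = $q->execute()->fetchArray(SQLITE3_NUM);
        if ($row[0] > $limit) {
            $verdict = 'stop';
            break;
        }
    }
    // Purge rows older than the longest window of either rule set, even when
    // the verdict is 'stop' (the original script skips cleanup in that case).
    $maxPeriod = max(max(array_keys($rules)), max(array_keys($anonRules)));
    $purge = $db->prepare('DELETE FROM logs WHERE datetime < :old');
    $purge->bindValue(':old', $now - $maxPeriod, SQLITE3_INTEGER);
    $purge->execute();
    return $verdict;
}

// Constructed demo on an in-memory database: six hidden-number calls in six seconds.
$db = new SQLite3(':memory:');
for ($i = 0; $i < 6; $i++) {
    echo check_call($db, 'anonymous', $rules, $anonRules, 1000 + $i), "\n";
}
// Real numbers stay on their own counters and the stricter per-number limits.
echo check_call($db, '88121234567', $rules, $anonRules, 1006), "\n";
```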

Source: https://habr.com/ru/post/144039/

