[FREEPBX-22196] SIP device with a lot of BLFs can trigger a responsive firewall block - Sangoma Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 15, 16
Fix Version/s: 14, 15, 16
Component/s: Firewall
Labels:
None

Sprint:
Sprint 45, Sprint 46
ToDo:

Module Fix Version:
- 15.0.8.20
- 16.0.30

Description

Customer was having issues where legitimate phone registrations thru the responsive firewall were being flagged as abuser by responsive and getting blocked. Thru experimentation, they determined that a single device with a lot of BLF subscriptions might be enough to trigger the block. The sequence of steps goes like this:

device Sends SIP REGISTER
Asterisk allows registration
firewall daemon is not yet aware of the registration due to the lag
device sends flood of SUBSCRIBE packets
iptables senses a lot of SIP packets from this device which is not yet whitelisted in responsive and blocks the IP

from this point on, the responsive block stays in place

Gliffy Diagrams

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

Capture.PNG
66 kB
08/Apr/21 6:56 AM
image-2021-02-15-17-08-00-195.png
50 kB
15/Feb/21 11:38 AM
image-2021-02-22-17-45-47-080.png
51 kB
22/Feb/21 12:15 PM
rfwtshld.PNG
13 kB
29/Jun/21 1:55 PM
screenshot-1.png
6.02 MB
18/Feb/21 2:35 PM

Activity

People

Assignee:

Kapil Gupta

Reporter:

Lorne Gaetz

Votes:

2 Vote for this issue

Watchers:

11 Start watching this issue

Dates

Created:

14/Jan/21 10:07 PM

Updated:

06/Jul/21 9:52 AM

Resolved:

06/Jul/21 9:52 AM

Feedback Requested:

17/Feb/21 4:21 AM

NextupJiraPlusStatus

Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.