
[reSIProcate] how to drop incoming packets at the socket (transport) layer


Hi,

In most cases our app is deployed with known endpoints.  In this scenario we
can make our app drop incoming packets from unknown endpoints.  If the
packets can be dropped at the network layer, they are never parsed and our
app is that much more secure against DoS and other attacks.  

It is pretty straightforward to modify the Transport/socket related code to
do this, but I am looking for a way in which the resip group would accept a
more general pre-screening solution at the socket layer.  One proposal would
be to add a screening class when calling SipStack::addTransport.  This class
would be able to screen incoming data directly from a socket based on the
transport.  The implementation of the screening is up to the user; in my
case I would check the incoming IP address and allow or disallow the
processing of the packet.

Any thoughts?

Thanks,

-Justin
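
A sketch of the kind of pre-parse screening hook proposed in the message above, as an added example that is not from the original post and not reSIProcate code. `PacketScreener`, `AllowListScreener` and `screenedRecv` are hypothetical names; the sketch assumes POSIX UDP sockets and IPv4 peers only, and denies everything else by default.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical interface (not part of reSIProcate): one screener per transport.
class PacketScreener {
public:
    virtual ~PacketScreener() = default;
    // true: hand the datagram to the SIP parser; false: drop it unparsed.
    virtual bool accept(const sockaddr_storage& src) const = 0;
};

// Accepts only IPv4 sources inside the configured CIDR blocks.
class AllowListScreener : public PacketScreener {
public:
    void allow(const std::string& cidr) {
        auto slash = cidr.find('/');
        std::string host = cidr.substr(0, slash);
        int bits = (slash == std::string::npos) ? 32 : std::stoi(cidr.substr(slash + 1));
        in_addr a{};
        if (bits < 0 || bits > 32 || inet_pton(AF_INET, host.c_str(), &a) != 1)
            throw std::invalid_argument("bad CIDR: " + cidr);
        uint32_t mask = bits == 0 ? 0 : (0xFFFFFFFFu << (32 - bits));
        nets_.push_back({ntohl(a.s_addr) & mask, mask});
    }
    bool accept(const sockaddr_storage& src) const override {
        if (src.ss_family != AF_INET) return false;  // default deny, incl. IPv6
        sockaddr_in in4; std::memcpy(&in4, &src, sizeof in4);
        uint32_t ip = ntohl(in4.sin_addr.s_addr);
        for (const auto& n : nets_)
            if ((ip & n.mask) == n.base) return true;
        return false;
    }
private:
    struct Net { uint32_t base, mask; };
    std::vector<Net> nets_;
};

// Reads one datagram: its length if accepted, 0 if screened out, -1 on error.
ssize_t screenedRecv(int fd, const PacketScreener& s, char* buf, size_t len) {
    sockaddr_storage src{};
    socklen_t sl = sizeof(src);
    ssize_t n = recvfrom(fd, buf, len, 0, reinterpret_cast<sockaddr*>(&src), &sl);
    return (n > 0 && !s.accept(src)) ? 0 : n;  // decided before any SIP parsing
}
```

For UDP the source address is trivially spoofable, so a check like this reduces parser exposure to unknown peers but does not authenticate the sender.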