APIBAN Integration
APIBAN is a free service that helps prevent unwanted SIP traffic by identifying addresses of known bad actors. The suspicious IP addresses are collected through globally deployed honeypots and curated by APIBAN. While the VSXi DDoS feature will identify any intruding IPs and block them dynamically, the APIBAN dataset can be used as a blacklist of IPs with to ignore/block unwanted traffic.
The VSXi integration consists in using SMC Profile with Data File to store a local copy of APIBANs IP dataset.
The SMC Profile must be applied at the Service Port level. In doing any packet that matches a suspicious IP is dropped immediately.
{
"ProfileID": 103,
"ProfileName": "APIBAN Integration",
"Rules": [
{
"MsgType": "REQUEST",
"ReqMethod": "REGISTER,INVITE",
"StoredVariables": [
{
"VariableName": "{$SIP.RemoteIP}",
"Porting": "IMPORT"
}
],
"Action": "REPLACE_MSG",
"ReplaceDefs":[
{
"ReplaceType": "ADD_LINE",
"Header": "From:",
"HeaderAttr": "HEADER_SECTION_ONLY",
"Output": "RemoteIP: {$SIP.RemoteIP}"
}
]
},
{
"MsgType": "REQUEST",
"ReqMethod": "REGISTER,INVITE",
"DataFile": "api_ban_smc.csv",
"DataFileBSearchIndex": 1,
"LogicalConjunction": "OR",
"Conditions": [
{
"Header": "RemoteIP:",
"HeaderAttr": "HEADER_SECTION_ONLY",
"RegEx1": "[0-9]+.[0-9]+.[0-9]+.[0-9]+",
"Operator": "BSEARCH_EQ"
}
],
"Action": "DROP_MSG_RECORD"
},
{
"MsgType": "REQUEST",
"ReqMethod": "REGISTER,INVITE",
"Conditions": [
{
"Header": "RemoteIP:",
"HeaderAttr": "HEADER_SECTION_ONLY",
"Operator": "NEQ",
"RightOperand":""
}
],
"Action": "REPLACE_MSG",
"ReplaceDefs":[
{
"ReplaceType": "DELETE_LINES",
"Header": "RemoteIP:",
"HeaderAttr": "HEADER_SECTION_ONLY"
}
]
}
]
}
Sansay customers under maintenance can request support to subscribe any of their VSXis to this service, at no additional cost. If you prefer to do this yourself, that's also a supported model.