Method and system for managing a SIP server
First Claim
1. A system comprising an access control component for managing network communications to a Session Initiation Protocol (SIP) server, the access control component being communicatively coupled to a SIP processing component capable of SIP processing based on a received data packet using a SIP stack, the access control component being arranged to:
receive a data packet sent from a network device to the SIP server, the data packet comprising data indicative of fragmentation information, transport protocol information and SIP data;
determine, from the data packet, whether the network device is recognized by the SIP server, wherein the access control component is arranged to;
determine a network address of the network device;
determine if the network address matches a permitted network address from a set of permitted network addresses; and
if it is determined that the network address matches the permitted network address, pass the received data packet for SIP processing; and
responsive to a determination that the network device is a device that is not recognized by the SIP server and before SIP processing using the SIP stack, determine whether the data packet conforms to a permitted configuration, the permitted configuration comprising at least that data indicative of fragmentation information and transport protocol information indicates an unfragmented User Datagram Protocol (UDP) packet and that at least a portion of data indicative of SIP data in the received data packet matches a parsing rule based on data indicative of a REGISTER request, wherein the access control component is arranged to;
discard the received data packet if it determines that the data packet does not conform to the permitted configuration and pass the received data packet to the SIP processing component if the data packet conforms to the permitted configuration; and
wherein the access control component is further arranged to;
remove the network address of the network device from the set of permitted network addresses.
Abstract
A method, system and computer program product are described for managing network communications to a Session Initiation Protocol (SIP) server capable of SIP processing using a SIP stack. A data packet is received from a network device. It is determined, from the data packet, whether the network device is a device recognized by the SIP server. Responsive to this determination, and before SIP processing using the SIP stack, it is determined whether the data packet conforms to a permitted configuration. The permitted configuration includes that data of the data packet indicates an unfragmented User Datagram Protocol (UDP) packet and that data indicative of SIP data in the received data packet matches a parsing rule. If the data packet conforms to the permitted configuration, it is passed to the SIP stack; if not, it is discarded.
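The check described above can be sketched as a small pre-filter that runs before any SIP parsing. This is an added example, not code from the patent: the class and function names, the raw-IPv4 input format and the regular expression used as the parsing rule are assumptions, and the sample packets are constructed.

```python
import ipaddress
import re
import struct

IPPROTO_UDP = 17
# Assumed parsing rule: the UDP payload starts with a REGISTER request line.
REGISTER_RULE = re.compile(rb"REGISTER sips?:\S+ SIP/2\.0\r\n")


class AccessControl:
    """Hypothetical pre-filter placed in front of the SIP stack."""

    def __init__(self, permitted=()):
        self.permitted = {ipaddress.ip_address(a) for a in permitted}

    def remove(self, addr):
        self.permitted.discard(ipaddress.ip_address(addr))

    def decide(self, pkt: bytes) -> str:
        """Return 'pass' or 'discard' for one raw IPv4 packet."""
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            return "discard"  # not a parseable IPv4 header
        ihl = (pkt[0] & 0x0F) * 4
        if ihl < 20 or len(pkt) < ihl:
            return "discard"
        if ipaddress.ip_address(pkt[12:16]) in self.permitted:
            return "pass"  # recognized device: hand to SIP processing
        # Unrecognized device: only an unfragmented UDP REGISTER may pass.
        (flags_frag,) = struct.unpack_from("!H", pkt, 6)
        fragmented = bool(flags_frag & 0x2000) or (flags_frag & 0x1FFF) != 0
        if fragmented or pkt[9] != IPPROTO_UDP:
            return "discard"
        payload = pkt[ihl + 8:]  # skip the 8-byte UDP header
        return "pass" if REGISTER_RULE.match(payload) else "discard"


def sample_packet(src, payload, proto=IPPROTO_UDP, flags_frag=0):
    """Build a constructed IPv4+UDP packet (checksums left as zero)."""
    udp = struct.pack("!HHHH", 5060, 5060, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, flags_frag,
                     64, proto, 0, ipaddress.ip_address(src).packed,
                     ipaddress.ip_address("192.0.2.10").packed)
    return ip + udp
```

The address match uses the IP source field, which UDP does not authenticate, so the permitted set is only as trustworthy as the network path in front of the filter.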
12 Claims
7. A computer program product comprising a non-transitory computer-readable storage medium having computer readable instructions stored thereon, the computer readable instructions being executable by a computerized device to cause the computerized device to perform a method of managing network communications to a Session Initiation Protocol (SIP) server capable of SIP processing using a SIP stack based on a received data packet, the method comprising:
receiving a data packet from a network device, the data packet comprising data indicative of fragmentation information, transport protocol information and SIP data;
determining, from the data packet, whether the network device is a device recognized by the SIP server, wherein the step of determining whether the network device is recognized by the SIP server comprises;
determining a network address of the network device;
determining if the network address matches a permitted network address from a set of permitted network addresses; and
if it is determined that the network address matches the permitted network address, passing the received data packet for SIP processing; and
responsive to a determination that the network device is a device that is not recognized by the SIP server and before SIP processing using the SIP stack;
determining whether the data packet conforms to a permitted configuration, the permitted configuration comprising at least that data indicative of fragmentation information and transport protocol information indicates an unfragmented User Datagram Protocol (UDP) packet and that at least a portion of data indicative of SIP data in the received data packet matches a parsing rule based on data indicative of a REGISTER request;
discarding the received data packet if it is determined that the data packet does not conform to the permitted configuration; and
passing the received data packet for SIP processing by the SIP stack if it is determined that the data packet does conform to the permitted configuration;
wherein the method further comprises;
removing the network address of the network device from the set of permitted network addresses.
8. A method of managing network communications to a Session Initiation Protocol (SIP) server capable of SIP processing using a SIP stack based on a received data packet, the method comprising:
receiving a data packet from a network device, the data packet comprising data indicative of fragmentation information, transport protocol information and SIP data;
determining, from the data packet, whether the network device is a device recognized by the SIP server, wherein the step of determining whether the network device is recognized by the SIP server comprises;
determining a network address of the network device;
determining if the network address matches a permitted network address from a set of permitted network addresses; and
if it is determined that the network address matches the permitted network address, passing the received data packet for SIP processing; and
responsive to a determination that the network device is a device that is not responsive by the SIP server and before SIP processing using the SIP stack;
determining whether the data packet conforms to permitted configuration, the permitted configuration comprising at least that data indicative of fragmentation information and transport protocol information indicates an unfragmented User Datagram Protocol (UDP) packet and that at least a portion of data indicative of SIP data in the received data packet matches a parsing rule based on data indicative of a REGISTER request;
discarding the received data packet if it is determined that the data packet does not conform to the permitted configuration; and
passing the received data packet for SIP processing by the SIP stack if it is determined that the data packet does conform to the permitted configuration,
wherein the method further comprises;
removing the network address of the network device from the set of permitted network addresses.
Specification