Download OpenAPI specification:Download
Voip Shelter API documentation by Iplabs S.r.l.
These services (REST APIs and DNS server) were created to manage the security of your internet services.
The blacklist is populated by detecting malicious activity carried out on the web.
With the DNS request you can check if an IP address is present in the blacklist, and with the REST APIs you can both insert a new IP address or to check whether an IP address is present in it.
The DNS request will let you know if an IP address is blacklisted. To find out if an IP address is in the blacklist you have to perform a DNS query to resolve "IP_ADDRESS_HERE.dnsbl.ipshelter.org"
Example request for IP 1.2.3.4
dig +noall +answer 1.2.3.4.dnsbl.ipshelter.org
If the IP address is in the blacklist the DNS response will contains anrecord of type A with the IP address requested, otherwise the response will be empty.
Example response in case the IP is in blacklist
1.2.3.4.dnsbl.ipshelter.org 14400 IN A 1.2.3.4
Check blacklist example with DNS request:
$var(dns) = $si + ".dnsbl.ipshelter.org";
if (dns_int_match_ip("$var(dns)", "$si")) {
xlog("L_ALERT","IP is in the blacklist: $var(dns)");
sl_send_reply("503","You are blocked");
exit;
}
Ban example:
if($ua =~ "friendly|scanner|sipcli|sipvicious|VaxSIPUserAgent|pplsip") {
http_async_query("https://app.voipshelter.org/external/api/rest/v1/blacklist/$si/ban?k=YOUR_LICENSE_KEY_HERE", "HTTP_REPLY");
exit;
}
Example:
exten => _X.,1,Set(voipShelterApiKey=YOUR_LICENSE_KEY_HERE)
same => n,Set(tmpIp=${CHANNEL(pjsip,remote_addr)})
same => n,Set(remoteIp=${CUT(tmpIp,:,1)})
same => n,Set(voipShelterApiUrl=https://app.voipshelter.org/external/api/rest/v1/blacklist/${remoteIp}/verify?k=${voipShelterApiKey})
same => n,Set(result=${SHELL(curl "${voipShelterApiUrl}" | jq ".is_banned" | tr -d "\n")})
same => n,GotoIf($["${result}" = "true"]?block:process)
same => n(block),Noop(IP address is in blacklist)
same => n,Hangup
same => n(process),Answer()
same => n,Hangup
Example:
<extension name="announce">
<condition field="destination_number" expression="^6000$">
<action application="curl" data="https://app.voipshelter.org/external/api/rest/v1/blacklist/${network_addr}/verify?k=YOUR_LICENSE_KEY_HERE json" inline="true" />
<action application="set" data="blocked=${system echo '${curl_response_data}' | jq '.is_banned' | tr -d \"\n\"}" inline="true"/>
<condition field="blocked" expression="^true$">
<anti-action application="respond" data="503"/>
</condition>
<condition field="blocked" expression="^false$">
<action application="set" data="curl_response_data=" inline="true"/>
<action application="info"/>
<action application="set" data="rtcp_audio_interval_msec=5000"/>
<action application="answer"/>
<action application="sleep" data="2000"/>
<action application="ivr" data="demo_ivr"/>
</condition>
</condition>
</extension>
This configuration require a purchased license key.
In OpnSense you can load firewall aliases updated by an HTTP request.
You have to add new alias selecting type "URL table (IPs)" and "content" the GetBlacklist API in plain mode with the limit parameter set to 0.
This configuration require a purchased license key.
In PfSense you can load firewall aliases updated by an HTTP request.
You have to add new alias selecting type "URL (IPs)" and the parmameter "URL (IPs)" is the GetBlacklist API in plain mode with the limit parameter set to 0.
In the download area you can find the honeypot application (VoIPShelterProble).
Give VoIPShelterProble execution permission using the command chmod +x VoIPShelterProbe
and move it in the /usr/local/bin folder using the command mv VoIPShelterProble /usr/local/bin/
.
Then run the application using the two parameters required:
-ip BIND_IP_ADDRESS:PORT -k YOUR_LICENSE_KEY_HERE
Example:
./VoIPShelterProbe -ip 1.2.3.4:5060 -k MySecretLicenseKey
You can start at boot configuring systemd creating the file /etc/systemd/system/voipshield-honeypot.service with the following content (remember to replace the required parameters):
[Unit]
Description=VoIPShield Honeypot
After=network.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/VoIPShelterProble -ip <BIND_IP_ADDRESS:PORT> -k <YOUR_LICENSE_KEY>
[Install]
WantedBy=multi-user.target
Then run the command systemctl enable voipshield-honeypot.service
to launch the honeypot application at boot.
Each API request must contain in the "k" parameter, which is the free license key obtained during registration. Some APIs may require a purchased license keypropriety .
Get the voipblock blacklist
k required | string Default: "YOUR_LICENSE_KEY" The provided license key |
mode | any Default: "plain" Enum: "json" "plain" Get the response with the choosen content type, has the same behaviour as is set Accept-header with values "application/json" (json) or "text/plain" (plain) |
limit | integer Default: 10 Limit the results. Value 0 is equal to no limit |
filter | string Default: null Example: filter=fromid:20 Available filters fromid:{id} - Get the blacklist with id > {id} It is useful if you loop through values and you save the last id received using the property "last_id" Example: fromid:20 |
{- "items": [
- "1.2.3.4/32",
- "5.6.7.8/32",
- "9.8.7.6/32"
], - "info": {
- "last_id": 158,
- "items_count": 100,
- "max_id": 13954
}
}
Ban an IP address
ipAddress required | string Default: null Example: 1.2.3.4 IP address to add in blacklist |
k required | string Default: "YOUR_LICENSE_KEY" The provided license key |
description | string Default: "VoIP attack" The reason why an IP address is banned |
mode | any Default: "plain" Enum: "json" "plain" Get the response with the choosen content type, has the same behaviour as is set Accept-header with values "application/json" (json) or "text/plain" (plain) |
{- "status": "OK",
- "message": "Ban this IP Address"
}
Verify if an IP address is in blacklist
ipAddress required | string Default: null Example: 1.2.3.4 IP address |
k required | string Default: "YOUR_LICENSE_KEY" The provided license key |
mode | any Default: "plain" Enum: "json" "plain" Get the response with the choosen content type, has the same behaviour as is set Accept-header with values "application/json" (json) or "text/plain" (plain) |
{- "status": "OK",
- "is_banned": true,
- "message": "IP Address exists"
}
Get the IP addresses that was removed from the blacklist
k required | string Default: "YOUR_LICENSE_KEY" The provided license key |
mode | any Default: "plain" Enum: "json" "plain" Get the response with the choosen content type, has the same behaviour as is set Accept-header with values "application/json" (json) or "text/plain" (plain) |
limit | integer Default: 10 Limit the results. Value 0 is equal to no limit |
filter | string Default: null Example: filter=fromid:20 Available filters fromid:{id} - Get the removed IPs in blacklist with id > {id} It is useful if you loop through values and you save the last id received using the property "last_id" Example: fromid:20 |
{- "items": [
- "2.3.4.5/32",
- "6.7.8.9/32",
- "11.12.13.14/32"
], - "info": {
- "last_id": 158,
- "items_count": 100,
- "max_id": 13954
}
}