Voip Shelter API (1.0.1)

Download OpenAPI specification:Download

Copyright 2023 Iplabs S.r.l.: info@iplabs.it URL: https://www.iplabs.it Terms of Service

Voip Shelter API documentation by Iplabs S.r.l.

Introduction

These services (REST APIs and DNS server) were created to manage the security of your internet services.
The blacklist is populated by detecting malicious activity carried out on the web.
With the DNS request you can check if an IP address is present in the blacklist, and with the REST APIs you can both insert a new IP address or to check whether an IP address is present in it.

Application usages

DNS Server request method

The DNS request will let you know if an IP address is blacklisted. To find out if an IP address is in the blacklist you have to perform a DNS query to resolve "IP_ADDRESS_HERE.dnsbl.ipshelter.org"

Example request for IP 1.2.3.4

dig +noall +answer 1.2.3.4.dnsbl.ipshelter.org

If the IP address is in the blacklist the DNS response will contains anrecord of type A with the IP address requested, otherwise the response will be empty.

Example response in case the IP is in blacklist

1.2.3.4.dnsbl.ipshelter.org 14400 IN A 1.2.3.4

Kamailio

Check blacklist example with DNS request:

$var(dns) = $si + ".dnsbl.ipshelter.org";

if (dns_int_match_ip("$var(dns)", "$si")) {
    xlog("L_ALERT","IP is in the blacklist: $var(dns)");
    sl_send_reply("503","You are blocked");
    
    exit;
}

Ban example:

if($ua =~ "friendly|scanner|sipcli|sipvicious|VaxSIPUserAgent|pplsip") {
    http_async_query("https://app.voipshelter.org/external/api/rest/v1/blacklist/$si/ban?k=YOUR_LICENSE_KEY_HERE", "HTTP_REPLY");

    exit;
}

Asterisk

Example:

exten => _X.,1,Set(voipShelterApiKey=YOUR_LICENSE_KEY_HERE)
same => n,Set(tmpIp=${CHANNEL(pjsip,remote_addr)})
same => n,Set(remoteIp=${CUT(tmpIp,:,1)})
same => n,Set(voipShelterApiUrl=https://app.voipshelter.org/external/api/rest/v1/blacklist/${remoteIp}/verify?k=${voipShelterApiKey})
same => n,Set(result=${SHELL(curl "${voipShelterApiUrl}" | jq ".is_banned" | tr -d "\n")})
same => n,GotoIf($["${result}" = "true"]?block:process)
same => n(block),Noop(IP address is in blacklist)
same => n,Hangup
same => n(process),Answer()
same => n,Hangup

Freeswitch

Example:

<extension name="announce">
    <condition field="destination_number" expression="^6000$">
        <action application="curl" data="https://app.voipshelter.org/external/api/rest/v1/blacklist/${network_addr}/verify?k=YOUR_LICENSE_KEY_HERE json" inline="true" />
        <action application="set" data="blocked=${system echo '${curl_response_data}' | jq '.is_banned' | tr -d \"\n\"}" inline="true"/>
        <condition field="blocked" expression="^true$">
            <anti-action application="respond" data="503"/>
        </condition>
        <condition field="blocked" expression="^false$">
            <action application="set" data="curl_response_data=" inline="true"/>
            <action application="info"/>
            <action application="set" data="rtcp_audio_interval_msec=5000"/>
            <action application="answer"/>
            <action application="sleep" data="2000"/>
            <action application="ivr" data="demo_ivr"/>
        </condition>
    </condition>
</extension>

OpnSense

This configuration require a purchased license key.
In OpnSense you can load firewall aliases updated by an HTTP request.
You have to add new alias selecting type "URL table (IPs)" and "content" the GetBlacklist API in plain mode with the limit parameter set to 0.

PfSense

This configuration require a purchased license key.
In PfSense you can load firewall aliases updated by an HTTP request.
You have to add new alias selecting type "URL (IPs)" and the parmameter "URL (IPs)" is the GetBlacklist API in plain mode with the limit parameter set to 0.

Honeypot Application

In the download area you can find the honeypot application (VoIPShelterProble).

Give VoIPShelterProble execution permission using the command chmod +x VoIPShelterProbe and move it in the /usr/local/bin folder using the command mv VoIPShelterProble /usr/local/bin/.

Then run the application using the two parameters required:

-ip BIND_IP_ADDRESS:PORT -k YOUR_LICENSE_KEY_HERE

Example:

./VoIPShelterProbe -ip 1.2.3.4:5060 -k MySecretLicenseKey

You can start at boot configuring systemd creating the file /etc/systemd/system/voipshield-honeypot.service with the following content (remember to replace the required parameters):

[Unit]
Description=VoIPShield Honeypot
After=network.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/VoIPShelterProble -ip <BIND_IP_ADDRESS:PORT> -k <YOUR_LICENSE_KEY>

[Install]
WantedBy=multi-user.target

Then run the command systemctl enable voipshield-honeypot.service to launch the honeypot application at boot.

REST API

REST API Authentication

Each API request must contain in the "k" parameter, which is the free license key obtained during registration. Some APIs may require a purchased license keypropriety .

GetBlacklist

Get the blacklist (purchased license key)

Get the blacklist

Get the voipblock blacklist

query Parameters
k
required
string
Default: "YOUR_LICENSE_KEY"

The provided license key

mode
any
Default: "plain"
Enum: "json" "plain"

Get the response with the choosen content type, has the same behaviour as is set Accept-header with values "application/json" (json) or "text/plain" (plain)

limit
integer
Default: 10

Limit the results. Value 0 is equal to no limit

filter
string
Default: null
Example: filter=fromid:20

Available filters fromid:{id} - Get the blacklist with id > {id}

It is useful if you loop through values and you save the last id received using the property "last_id"

Example: fromid:20

Responses

Response samples

Content type
{
  • "items": [
    ],
  • "info": {
    }
}

Ban

Ban an IP address

Ban an IP address

Ban an IP address

path Parameters
ipAddress
required
string
Default: null
Example: 1.2.3.4

IP address to add in blacklist

query Parameters
k
required
string
Default: "YOUR_LICENSE_KEY"

The provided license key

description
string
Default: "VoIP attack"

The reason why an IP address is banned

mode
any
Default: "plain"
Enum: "json" "plain"

Get the response with the choosen content type, has the same behaviour as is set Accept-header with values "application/json" (json) or "text/plain" (plain)

Responses

Response samples

Content type
{
  • "status": "OK",
  • "message": "Ban this IP Address"
}

CheckBan

Verify if the IP address is in blacklist

Verify if an IP address is in blacklist

Verify if an IP address is in blacklist

path Parameters
ipAddress
required
string
Default: null
Example: 1.2.3.4

IP address

query Parameters
k
required
string
Default: "YOUR_LICENSE_KEY"

The provided license key

mode
any
Default: "plain"
Enum: "json" "plain"

Get the response with the choosen content type, has the same behaviour as is set Accept-header with values "application/json" (json) or "text/plain" (plain)

Responses

Response samples

Content type
{
  • "status": "OK",
  • "is_banned": true,
  • "message": "IP Address exists"
}

IpBlRemovalAccepted

Get the list of IP addresses removed from blacklist (purchased license key)

Get the IP addresses that was removed from the blacklist

Get the IP addresses that was removed from the blacklist

query Parameters
k
required
string
Default: "YOUR_LICENSE_KEY"

The provided license key

mode
any
Default: "plain"
Enum: "json" "plain"

Get the response with the choosen content type, has the same behaviour as is set Accept-header with values "application/json" (json) or "text/plain" (plain)

limit
integer
Default: 10

Limit the results. Value 0 is equal to no limit

filter
string
Default: null
Example: filter=fromid:20

Available filters fromid:{id} - Get the removed IPs in blacklist with id > {id}

It is useful if you loop through values and you save the last id received using the property "last_id"

Example: fromid:20

Responses

Response samples

Content type
{
  • "items": [
    ],
  • "info": {
    }
}