[OpenSIPS-Users] Register attack!
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Mon Nov 8 12:25:50 CET 2010
Saúl Ibarra Corretgé wrote:
> On 11/03/2010 04:00 PM, Hung Nguyen wrote:
>
>> Hi all, thanks for reply.
>>
>> I have tested with pike module. It is very simple.
>>
>> ------
>> modparam("pike", "sampling_time_unit", 3)
>> modparam("pike", "reqs_density_per_unit", 20)
>>
>> # match each method explicitly (the SIP method name is OPTIONS)
>> if (method=="REGISTER" || method=="OPTIONS" || method=="BYE") {
>>     if (!pike_check_req()) {
>>         # TODO: do anything if you want
>>         drop();
>>         exit;
>>     }
>> }
>> ------
>>
>> I tested with sipvicious; after about 5 seconds pike detects the flood => drop
>> the packet or send 200 OK for REGISTER (svcrash.py will stop).
>> You can block flooding with any method.
>>
>>
>
> Take into account that with pike module you are dropping the packets at
> the application level, but they still enter the system. As the pike
> module also generates syslog messages, you may want to use them in
> combination with some other tool in order to block the traffic with
> iptables, for example.
>
Actually the pike module is not taking any action - it simply implements
a detection mechanism - you need to take your own actions when a flood is
reported; you can integrate the pike detection and reporting with other
protection tools, like when pike detects a flood attack, use iptables
to ban the IP.
Regards,
Bogdan
--
Bogdan-Andrei Iancu
OpenSIPS Bootcamp
15 - 19 November 2010, Edison, New Jersey, USA
www.voice-system.ro
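
One way to connect pike's syslog reports to iptables, as suggested in the thread (an added example, not code from the posters or from OpenSIPS). The `PIKE - BLOCKing ip <addr>, node=...` line format, the allowlist and the report threshold are assumptions, and the sample log lines are constructed; the script only builds the firewall commands, it does not run them.

```python
import ipaddress
import re
from collections import Counter

# Assumed pike log format; adjust to what your OpenSIPS build writes to syslog.
PIKE_LINE = re.compile(r"PIKE - BLOCKing ip (\S+?),")

# Constructed sample syslog lines (documentation address ranges only).
SAMPLE_LOG = """\
Nov  8 12:01:02 sip1 opensips[2211]: PIKE - BLOCKing ip 203.0.113.45, node=0xb5e1c0a0
Nov  8 12:01:05 sip1 opensips[2211]: PIKE - BLOCKing ip 203.0.113.45, node=0xb5e1c0a0
Nov  8 12:01:06 sip1 opensips[2213]: PIKE - BLOCKing ip 198.51.100.7, node=0xb5e1c1f8
Nov  8 12:01:07 sip1 opensips[2211]: PIKE - BLOCKing ip 192.0.2.10, node=0xb5e1c2d0
Nov  8 12:01:08 sip1 opensips[2211]: PIKE - BLOCKing ip 192.0.2.10, node=0xb5e1c2d0
Nov  8 12:01:09 sip1 opensips[2211]: PIKE - BLOCKing ip 999.1.1.1, node=0x0
Nov  8 12:01:10 sip1 opensips[2211]: new REGISTER from 203.0.113.99
"""

# Hypothetical allowlist: your own trunks and proxies must never be banned.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]

def flooders(log_text, min_reports=2, allowlist=ALLOWLIST):
    """Return addresses pike reported at least min_reports times."""
    hits = Counter()
    for line in log_text.splitlines():
        m = PIKE_LINE.search(line)
        if not m:
            continue
        try:
            # Log content is untrusted: only a parsed address reaches the firewall.
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if any(ip in net for net in allowlist):
            continue
        hits[ip] += 1
    banned = [ip for ip, n in hits.items() if n >= min_reports]
    return sorted(banned, key=lambda ip: (ip.version, int(ip)))

def ban_commands(ips):
    """Build argv lists (no shell string) for the matching firewall tool."""
    cmds = []
    for ip in ips:
        tool = "ip6tables" if ip.version == 6 else "iptables"
        cmds.append([tool, "-I", "INPUT", "-s", str(ip), "-j", "DROP"])
    return cmds

if __name__ == "__main__":
    for argv in ban_commands(flooders(SAMPLE_LOG)):
        print(" ".join(argv))
```

Because SIP over UDP allows spoofed source addresses, the allowlist and a threshold above one report keep a forged flood from getting a legitimate peer banned.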