[OpenSIPS-Users] ratelimit: per group/account limiting

Jeff Pyle jpyle at fidelityvoice.com
Tue Feb 22 21:32:45 CET 2011


Indeed.  We've had to resort to combing the accounting database after the
fact, and when certain minute volumes or calls-per-minute thresholds have
been exceeded, disable the trunk.  This has saved us on more than a few
occasions.

Outside of fraudulant or DoS activities, it would be very useful to
restrict the number of initial INVITEs per second of an arbitrary entity,
much like the dialog module has profiles one can use to identify dialog
quantities as one sees fit.


- Jeff


On 2/22/11 3:28 PM, "Adrian Georgescu" <ag at ag-projects.com> wrote:

>Ovidiu,
>
>With stolen account credentials one can cause major frauds during a
>single weekend without looking like a DOS attack. Rate limiting of normal
>SIP accounts to a few simultaneous calls or whatever is normal usage is
>the best defensive strategy. Pike is not useful for non-DOS situations
>like this.
>
>Adrian
>
>On Feb 22, 2011, at 8:39 PM, Ovidiu Sas wrote:
>
>> The ratelimit module was designed to deal with SIP trunks and not with
>> subscriber traffic.
>> Under normal circumstances, the subscriber traffic does not need to be
>> ratelimit-ed.
>
>
>> The pike module can be used to identify DoS traffic from a particular
>> subscriber and then take appropriate action.
>> 
>> Regards,
>> Ovidiu Sas
>> 
>> On Tue, Feb 22, 2011 at 12:52 PM, Jeff Pyle <jpyle at fidelityvoice.com>
>>wrote:
>>> Ronald,
>>> 
>>> I got into this very same question:
>>>  http://www.openser.org/pipermail/users/2009-November/009405.html
>>> 
>>> Despite my apparent enthusiasm at the time I never did implement
>>>anything
>>> useful.
>>> 
>>> 
>>> - Jeff
>>> 
>>> 
>>> 
>>> On 2/22/11 12:27 PM, "Ovidiu Sas" <osas at voipembedded.com> wrote:
>>> 
>>>> Yes, you can do this with opensips.  Just assign a pipe number to an
>>>> account and use that pipe to limit traffic for that account:
>>>> 
>>>>http://www.opensips.org/html/docs/modules/devel/ratelimit.html#id250282
>>>> 
>>>> For now, there is a limit of 16 pipes:
>>>> 
>>>>http://www.opensips.org/html/docs/modules/devel/ratelimit.html#id293075
>>>> 
>>>> 
>>>> Regards,
>>>> Ovidiu Sas
>>>> 
>>>> On Mon, Feb 21, 2011 at 11:41 AM, Ronald Cepres <rbcepres at gmail.com>
>>>> wrote:
>>>>> Hi everyone,
>>>>> I would like to ask all of you if it is possible to use ratelimit
>>>>> module to
>>>>> limit cps per account/group (i.e.: account A has limit of 10 cps,
>>>>> account
>>>>> B's is 20 cps, etc.)? Is it even possible to implement this set-up on
>>>>> opensips?
>>>>> Thanks for any kind of help.
>>>>> Regards,
>>>>> Ronald
>>> 
>>> 
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>> 
>> 
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> 
>
>
>_______________________________________________
>Users mailing list
>Users at lists.opensips.org
>http://lists.opensips.org/cgi-bin/mailman/listinfo/users




More information about the Users mailing list