[OpenSIPS-Users] Fwd: Re: How to protect OpenSIPS from undesidered requests (DoS attack?)

Muhammad Shahzad shaheryarkh at gmail.com
Wed Mar 6 21:18:13 CET 2013


While this will work for small setups, I have a feeling that this won't be
suitable for high-load productive systems, since it does the same thing as
fail2ban but runs INLINE, blocking other SIP requests till it is finished.

Thank you.


On Wed, Mar 6, 2013 at 8:48 PM, Hubert Mickael <mickael at winlux.fr> wrote:

> Hi,
> Pike module to stop flood?
> I have added a Perl script to pike to add a firewall rule on my FreeBSD.
>
> Example opensips conf:
>
> #------------------- module pike ---------------
> loadmodule "pike.so"
> #----------- pike params ------------
> modparam("pike", "sampling_time_unit", 2)
> modparam("pike", "reqs_density_per_unit", 80)
> modparam("pike", "remove_latency", 130)
> modparam("pike", "pike_log_level", -1)
>
> in script:
>
>     if(!pike_check_req())
>         {
>         if(perl_exec("pikesendmail"))
>                 {
>                         xlog("L_INFO","Fonction perl_exec PIKE OK");
>                 }
>                 xlog("L_WARN","PIKE_CHECK_REQ banned IP $si because of flooding requests");
>                 exit;
>         }
>
> perl script:
>
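> # Imports the fragment relies on (not shown in the original post)
> use OpenSIPS qw ( log );
> use OpenSIPS::Constants;
> use MIME::Lite;
>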
> sub pikesendmail
> {
>         MIME::Lite->send('smtp', 'smtp.....');
>
>         my $serverIP = OpenSIPS::AVP::get("serverIP");
>         my $sourceIP = OpenSIPS::AVP::get("sourceIP");
>
>         my @exceptions = (@my IP);
>
>         my $logfile = "/var/log/pikemodule.log";
>         my $date = localtime();
>         open LOGFILE, ">>$logfile" or die "cannot open logfile $logfile for append: $!";
>
>         my $subject = "IP $sourceIP blocked by server $serverIP";
>         my @body ;
>         my @argsbash ;
>         my @listeIP ;
>         my $maxid ;
>         my $newid ;
>         my $reglepresente = 0 ;
>         my $inhib = 0 ;
>         my $i=0;
>
>         for $i (@exceptions)
>         {
>                 if($sourceIP eq $i)
>                 {
>                         $inhib = 1 ;
>                         last ;
>                 }
>         }
>
>         foreach(`ipfw list | grep ^005 | awk -F" " {'print \$5'}`)
>         {
>                 push (@listeIP,$_) ;
>         }
>
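>         for(@listeIP){
>                 chomp;   # drop the newline left by the backticks
>                 print "$_";
>                 # exact comparison: a regex match would treat 10.0.0.1 as
>                 # already blocked whenever 10.0.0.10 is in the list
>                 if($_ eq $sourceIP){
>                         #print "regle deja presente\n";
>                         $reglepresente = 1 ;
>                 }
>         }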
>
>         if($reglepresente == 0 && $inhib == 0){
>
>                 $maxid=`ipfw list | grep ^005 | tail -n1 | awk -F" " {'print \$1'} | sed "s/^00//"`;
>                 if ($maxid eq ''){
>                         $newid = 500 ;
>                 }else{
>                         $newid = $maxid+1 ;
>                 }
>
>
>                 @argsbash = ("ipfw", "add $newid deny ip from $sourceIP to me");
>                 if(system(@argsbash) == 0
>                         or die "system @argsbash failed: $?"){
>                         print LOGFILE "$date INFO : Nouveau blocage pour SIP flooding \n";
>                         print LOGFILE "$date INFO : Regle IPFW appliquee ID $newid \n";
>                         log(L_INFO, "SIP Flooding, IP $sourceIP blocked with IPFW rule $newid\n");
>                 }
>                 }
>
>                 open(EMAILB,"/usr/local/libexec/templ_email.tpl") || die ("Erreur d'ouverture de EMAILB") ;
>                 while (<EMAILB>) {
>                         $_ =~ s/PARA1/$sourceIP/g;
>                         $_ =~ s/PARA2/$serverIP/g;
>                         $_ =~ s/PARA3/$newid/g;
>                         push (@body,$_);
>                 }
>
>                 close(EMAILB);
>
>                 # Create a MIME::Lite object with the message headers
>                 my $message = MIME::Lite->new(
>                         From       => 'OpenSIPS <noreply at hexanet.fr>',
>                         To         => '',
>                         Subject    => "$subject",
>                         "X-Mailer" => 'OpenSIPS',
>                        Type       => 'text/html',
>                         Data       => "@body",
>                 );
>
>                 if($message->send()){
>                         print LOGFILE "$date INFO : Mail envoye pour blocage IP $sourceIP\n";
>                         log(L_INFO, "SIP Flooding, mail has been sent\n");
>                 }
>
>                 close LOGFILE ;
>         }
>
>     return 1;
> }
>
> bye


-- 
Muhammad Shahzad
-----------------------------------
CISCO Rich Media Communication Specialist (CRMCS)
CISCO Certified Network Associate (CCNA)
Cell: +49 176 99 83 10 85
MSN: shari_786pk at hotmail.com
Email: shaheryarkh at googlemail.com
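
An added example, not part of either message in this thread: the out-of-band (fail2ban-style) variant of the quoted setup, where OpenSIPS only writes the `PIKE_CHECK_REQ banned IP ...` xlog line and a separate process turns log lines into `ipfw` rules, so no SIP worker waits on the firewall or on mail delivery. `plan_blocks`, `SAMPLE_LOG` and the log line layout are assumptions made for the illustration; rule numbering from 500 mirrors the quoted Perl script, and the code only builds the command lists without running them.

```python
import ipaddress
import re

# Matches the message written by the xlog() call in the quoted OpenSIPS script.
PIKE_RE = re.compile(r"PIKE_CHECK_REQ banned IP (\S+) because of flooding")

# Constructed sample log lines (documentation address ranges, assumed syslog layout).
SAMPLE_LOG = [
    "Mar  6 20:40:01 sip1 opensips[2211]: PIKE_CHECK_REQ banned IP 198.51.100.7 because of flooding requests",
    "Mar  6 20:40:01 sip1 opensips[2213]: PIKE_CHECK_REQ banned IP 198.51.100.7 because of flooding requests",
    "Mar  6 20:40:02 sip1 opensips[2211]: PIKE_CHECK_REQ banned IP 192.0.2.10 because of flooding requests",
    "Mar  6 20:40:02 sip1 opensips[2212]: Fonction perl_exec PIKE OK",
    "Mar  6 20:40:03 sip1 opensips[2214]: PIKE_CHECK_REQ banned IP 999.1.1.1 because of flooding requests",
    "Mar  6 20:40:04 sip1 opensips[2211]: PIKE_CHECK_REQ banned IP 203.0.113.9 because of flooding requests",
]


def plan_blocks(log_lines, exceptions=(), already_blocked=(), first_id=500):
    """Return one ipfw argv list per newly seen flooding source.

    exceptions      -- addresses that must never be blocked (own servers, trunks)
    already_blocked -- addresses that already have a deny rule
    """
    skip = {ipaddress.ip_address(a) for a in (*exceptions, *already_blocked)}
    rule_id = first_id
    commands = []
    for line in log_lines:
        match = PIKE_RE.search(line)
        if not match:
            continue
        try:
            # Only a literal IP address may reach the firewall command.
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue
        if ip in skip:  # exact comparison: 198.51.100.7 is not 198.51.100.70
            continue
        skip.add(ip)  # repeated log lines for one source yield a single rule
        # argv list, never a shell string, so nothing from the log is shell-parsed
        commands.append(["ipfw", "add", str(rule_id), "deny", "ip",
                         "from", str(ip), "to", "me"])
        rule_id += 1
    return commands
```

A watcher process would feed new log lines to `plan_blocks` and pass each returned list to `subprocess.run` with root privileges.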