[OpenSER-Users] Questions about pike module
    Iñaki Baz Castillo 
    ibc at in.ilimit.es
       
    Thu Oct 11 10:33:01 CEST 2007
    
    
  
Hi, yesterday I tried the pike module:
------------------------------------------------------------------------------------------------------------
modparam("pike", "sampling_time_unit", 10)
modparam("pike", "reqs_density_per_unit", 30)
modparam("pike", "remove_latency", 130)
route{
   ### pike
   if (!pike_check_req()) {
      xlog("pike module has detected IP abuse. Terminating message.\n");
      exit;
   };
   # Sanity Check Section
   ...
   ...
}
------------------------------------------------------------------------------------------------------------
I ran sipp and generated a lot of messages from my laptop to my OpenSer 
server. After a while "pike_check_req()" returns FALSE and the message is 
terminated. Ok.
But if during the sipp attack I make a call from my laptop softphone (same 
public IP then) most of the time the call is accepted, even if I see the 
xlog message (because of the sipp attack) and my IP is listed when doing:
  ~# openserctl fifo pike_list
How is this possible?

And another question: what exactly is the "remove_latency" parameter for? I read:
  "For how long the IP address will be kept in memory after the last request
    from that IP address. It's a sort of timeout value."
- Is it seconds or milliseconds?
- Does it mean the time that listed IPs will be "banned" (I mean the IPs 
appearing in "openserctl fifo pike_list")?
I think it is not this because I put:
  modparam("pike", "remove_latency", 9999999999999)
and the IP disappears from the listed IPs after a few seconds (10 - 20).
Thanks for any explanation. Regards.
-- 
Iñaki Baz Castillo
ibc at in.ilimit.es
    
    