[OpenSIPS-Users] Register attack!
Saúl Ibarra Corretgé
saul at ag-projects.com
Wed Nov 3 16:32:35 CET 2010
On 11/03/2010 04:00 PM, Hung Nguyen wrote:
> Hi all, thanks for reply.
>
> I have tested with pike module. It is very simple.
>
> ------
> modparam("pike", "sampling_time_unit", 3)
> modparam("pike", "reqs_density_per_unit", 20)
>
> if (method = 'REGISTER | OPTION | BYE') {
> if (!pike_check_req()) {
> #TODO: do anything if you want
> drop();
> exit;
> }
> }
> ------
>
> I tested with sipvicious, about 5 second pike detect flood => drop
> packet or send 200 OK for register (svcrash.py will stop).
> You can be blook flooding with any method.
>
Take into account that with pike module you are dropping the packets at
the application level, but they still enter the system. As the pike
module also generates syslog messages, you may want to use them in
combination with some other tool in order to block the traffic with
iptables, for example.
Regards,
--
Saúl Ibarra Corretgé
AG Projects
More information about the Users
mailing list