[OpenSIPS-Users] Register attack!

Saúl Ibarra Corretgé saul at ag-projects.com
Wed Nov 10 14:34:25 CET 2010


Hi Flavio,

On 11/03/2010 06:23 PM, Flavio Goncalves wrote:
> Hi Saul,
>
> I did like your solution. My only concern about Pike was to block
> legitimate traffic. A SIP dialer can easily get to the pike threshold,
> but doing pike_check_req() just for register, options and bye requests
> seems to avoid this.
>
> The only "but" is,  the attack can also be done using INVITE and using
> Pike with INVITE can make you drop legitimate traffic, my initial
> concern. I think, that detecting authentication requests with wrong
> passwords or inexistent users is still the most generic solution. Just
> an opinion.
>

Of course, pike is not a solution alone. I've also seen pik ekick in if 
you have too many MESSAGEs stored on msilo for example. Different 
techniques need to be used in order to cover most of the cases, as you 
pointed out.


Regards,

-- 
Saúl Ibarra Corretgé
AG Projects



More information about the Users mailing list