[OpenSIPS-Users] Fwd: Re: How to protect OpenSIPS from undesidered requests (DoS attack?)

Hubert Mickael mickael at winlux.fr
Wed Mar 6 20:48:10 CET 2013


Hi,
Have you tried the pike module to stop the flood?
I have added a Perl script to my pike handling that adds a firewall rule on my FreeBSD server.

Example opensips conf:

#------------------- module pike ---------------
loadmodule "pike.so"
#----------- pike params ------------
# Length of one sampling window, in seconds.
modparam("pike", "sampling_time_unit", 2)
# Requests tolerated from a single source IP per sampling window; above this
# density pike_check_req() starts failing for that IP.
modparam("pike", "reqs_density_per_unit", 80)
# Seconds an IP is kept in pike's memory after its last request, i.e. how long
# a source stays flagged once it goes quiet.
modparam("pike", "remove_latency", 130)
# Log level pike uses when it reports blocking/unblocking by itself.
# NOTE(review): -1 is presumably L_ERR, so these reports show up at the default
# log level - confirm against your OpenSIPS version.
modparam("pike", "pike_log_level", -1)

in script:

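# Flood guard: pike_check_req() fails once the source IP exceeds the
# configured request density. The stray "/" and "//" markers of the archived
# post (italic markup) have been removed and the wrapped xlog string rejoined.
#
# NOTE(review): pikesendmail reads the AVPs "sourceIP" and "serverIP"; the post
# does not show where they are set, so they must be filled in before this
# point. perl_exec() is called for every request that pike rejects, so the
# Perl side has to stay cheap until the firewall rule takes over.
if(!pike_check_req())
{
    if(perl_exec("pikesendmail"))
    {
        xlog("L_INFO","Fonction perl_exec PIKE OK");
    }
    xlog("L_WARN","PIKE_CHECK_REQ banned IP $si because of flooding requests");
    exit;
}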

perl script:


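# pikesendmail - invoked from the OpenSIPS script through perl_exec() after
# pike_check_req() has rejected a request.  Reads the AVPs "sourceIP" and
# "serverIP", adds an ipfw deny rule for the source unless it is already
# blocked or listed in @exceptions, appends to /var/log/pikemodule.log and
# mails a notification built from /usr/local/libexec/templ_email.tpl.
#
# Returns 1 in every non-fatal case.  Dies if the log file or the template
# cannot be opened or if "ipfw add" fails.
# NOTE(review): confirm how your OpenSIPS perl module treats a die here.
#
# Operational caveats:
#  - ipfw and the SMTP delivery run synchronously inside this call, presumably
#    in the OpenSIPS process that handled the request - confirm.  A slow mail
#    relay therefore stalls SIP processing while a flood is in progress.
#  - SIP over UDP allows spoofed source addresses, so an automatic block by
#    source IP can be turned against a legitimate peer.  Keep gateways,
#    carriers and monitoring hosts in @exceptions.
#  - Rules are only ever added here; expiry has to be handled elsewhere.
#  - Several OpenSIPS processes may run this at the same time and pick the
#    same rule number; ipfw accepts that, but a source may be added twice.
sub pikesendmail
{
    # SMTP relay host is redacted in the original post.
    MIME::Lite->send('smtp', 'smtp.....');

    my $serverIP = OpenSIPS::AVP::get("serverIP");
    my $sourceIP = OpenSIPS::AVP::get("sourceIP");

    # Placeholder: the post redacts this list.  Put the IPs that must never
    # be blocked here.
    my @exceptions = ();

    my $logfile = "/var/log/pikemodule.log";
    my $date    = localtime();

    # Accept only the characters of an IPv4/IPv6 literal.  The value is placed
    # in a firewall rule and in an HTML mail, so anything else (an unset AVP,
    # or an ipfw keyword such as "any") must never reach those.
    if (!defined $sourceIP || $sourceIP !~ /\A[0-9A-Fa-f:.]+\z/) {
        log(L_INFO, "pikesendmail: sourceIP AVP missing or not an IP literal, no rule added\n");
        return 1;
    }

    # Trusted peers are never blocked; return before forking ipfw because
    # this sub runs for every request pike rejects.
    return 1 if grep { $sourceIP eq $_ } @exceptions;

    # Rules 00500-00599 are the ones managed by this script.  One listing is
    # used both for the duplicate check and for choosing the next number.
    my @rules = map { [ split ' ', $_ ] } grep { /^005/ } `ipfw list`;

    # Field 5 of "NNNNN deny ip from <src> to me" is the source.  Compare
    # exactly: matching the IP as a regex let "1.2.3.4" match "11.2.3.40",
    # which left the real offender unblocked.
    my $already_blocked =
        grep { defined $_->[4] && $_->[4] eq $sourceIP } @rules;
    return 1 if $already_blocked;

    # ipfw lists rules in ascending order, so the last entry holds the
    # highest number in use.
    my $newid = @rules ? $rules[-1][0] + 1 : 500;

    # Stay inside the 005xx range.  A rule numbered 600 would no longer be
    # seen by the listing above, so the same source would be re-added (and
    # re-mailed) on every rejected request.  ipfw allows several rules to
    # share one number.
    $newid = 599 if $newid > 599;

    open(my $log, '>>', $logfile)
        or die "cannot open logfile $logfile for append: $!";

    # List form: no shell is involved and each value is a separate argument.
    my @argsbash = ("ipfw", "add", $newid, "deny", "ip", "from", $sourceIP, "to", "me");
    system(@argsbash) == 0
        or die "system @argsbash failed: $?";

    print {$log} "$date INFO : Nouveau blocage pour SIP flooding \n";
    print {$log} "$date INFO : Regle IPFW appliquee ID $newid \n";
    log(L_INFO, "SIP Flooding, IP $sourceIP blocked with IPFW rule $newid\n");

    # Fill the mail template: PARA1 = blocked IP, PARA2 = server, PARA3 = rule.
    # NOTE(review): $serverIP goes into the HTML body unchecked; it is assumed
    # to be set by the local script, not taken from the request - confirm.
    my $subject = "IP $sourceIP blocked by server $serverIP";
    my @body;
    open(my $template, '<', "/usr/local/libexec/templ_email.tpl")
        or die("Erreur d'ouverture de EMAILB");
    while (my $line = <$template>) {
        $line =~ s/PARA1/$sourceIP/g;
        $line =~ s/PARA2/$serverIP/g;
        $line =~ s/PARA3/$newid/g;
        push @body, $line;
    }
    close($template);

    # Build the MIME::Lite message with its headers.  The sender address is
    # shown as obfuscated by the list archive; the recipient is redacted in
    # the original post.
    my $message = MIME::Lite->new(
        From       => 'OpenSIPS <noreply at hexanet.fr>',
        To         => '',
        Subject    => $subject,
        "X-Mailer" => 'OpenSIPS',
        Type       => 'text/html',
        Data       => "@body",
    );

    if ($message->send()) {
        print {$log} "$date INFO : Mail envoye pour blocage IP $sourceIP\n";
        log(L_INFO, "SIP Flooding, mail has been sent\n");
    }

    close($log);

    return 1;
}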

bye