[OpenSIPS-Users] Fwd: Re: How to protect OpenSIPS from undesidered requests (DoS attack?)

Roberto Spadim roberto at spadim.com.br
Wed Mar 6 21:23:22 CET 2013


maybe a log file, and deny ip is faster
but if you want it per user, it's slower, since you must check if user is
ok in a database
using ip, you only need to log and an external program (e.g. fail2ban) can
block it via iptables, hosts.deny or other method



2013/3/6 Muhammad Shahzad <shaheryarkh at gmail.com>

> While this will work for small setups, I have a feeling that this won't
> be suitable for high load productive systems, since it does the same thing as
> fail2ban but runs INLINE, blocking other SIP requests till it is finished.
>
> Thank you.
>
>
> On Wed, Mar 6, 2013 at 8:48 PM, Hubert Mickael <mickael at winlux.fr> wrote:
>
>>  Hi,
>>  Pike module to stop flood?
>> I have added a Perl script to pike to add a firewall rule on my FreeBSD.
>>
>> Example opensips conf:
>>
>> #------------------- module pike ---------------
>> loadmodule "pike.so"
>> #----------- pike params ------------
>> modparam("pike", "sampling_time_unit", 2)
>> modparam("pike", "reqs_density_per_unit", 80)
>> modparam("pike", "remove_latency", 130)
>> modparam("pike", "pike_log_level", -1)
>>
>> in script:
>>
>>     if(!pike_check_req())
>>         {
>>         if(perl_exec("pikesendmail"))
>>                 {
>>                         xlog("L_INFO","Fonction perl_exec PIKE OK");
>>                 }
>>                 xlog("L_WARN","PIKE_CHECK_REQ banned IP $si because of flooding requests");
>>                 exit;
>>         }
>>
>> perl script:
>>
>>
>> use MIME::Lite;
>> use OpenSIPS qw ( log );
>> use OpenSIPS::Constants;
>>
>> sub pikesendmail
>> {
>>         MIME::Lite->send('smtp', 'smtp.....');
>>
>>         my $serverIP = OpenSIPS::AVP::get("serverIP");
>>         my $sourceIP = OpenSIPS::AVP::get("sourceIP");
>>
>>         # Addresses that must never be blocked (placeholder left by the poster)
>>         my @exceptions = (@my IP);
>>
>>         my $logfile = "/var/log/pikemodule.log";
>>         my $date = localtime();
>>         open LOGFILE, ">>$logfile" or die "cannot open logfile $logfile for append: $!";
>>
>>         my $subject = "IP $sourceIP blocked by server $serverIP";
>>         my @body ;
>>         my @argsbash ;
>>         my @listeIP ;
>>         my $maxid ;
>>         my $newid ;
>>         my $reglepresente = 0 ;
>>         my $inhib = 0 ;
>>         my $i=0;
>>
>>         # Never block an address from the exception list
>>         for $i (@exceptions)
>>         {
>>                 if($sourceIP eq $i)
>>                 {
>>                         $inhib = 1 ;
>>                         last ;
>>                 }
>>         }
>>
>>         # Collect the source addresses of the existing 005xx ipfw rules
>>         foreach(`ipfw list | grep ^005 | awk -F" " {'print \$5'}`)
>>         {
>>                 chomp ;
>>                 push (@listeIP,$_) ;
>>         }
>>
>>         for(@listeIP){
>>                 print "$_\n";
>>                 # Exact comparison: a regex match treats "." as a wildcard
>>                 # and would let 1.2.3.4 match the rule for 1.2.3.45
>>                 if($_ eq $sourceIP){
>>                         #print "rule already present\n";
>>                         $reglepresente = 1 ;
>>                 }
>>         }
>>
>>         if($reglepresente == 0 && $inhib == 0){
>>
>>                 # Next free rule number after the highest 005xx rule
>>                 $maxid=`ipfw list | grep ^005 | tail -n1 | awk -F" " {'print \$1'} | sed "s/^00//"`;
>>                 chomp($maxid) ;
>>                 if ($maxid eq ''){
>>                         $newid = 500 ;
>>                 }else{
>>                         $newid = $maxid+1 ;
>>                 }
>>
>>
>>                 # One list element per argument, so no shell is involved
>>                 @argsbash = ("ipfw", "add", $newid, "deny", "ip", "from", $sourceIP, "to", "me");
>>                 if(system(@argsbash) == 0
>>                         or die "system @argsbash failed: $?"){
>>                         print LOGFILE "$date INFO : Nouveau blocage pour SIP flooding \n";
>>                         print LOGFILE "$date INFO : Regle IPFW appliquee ID $newid \n";
>>                         log(L_INFO, "SIP Flooding, IP $sourceIP blocked with IPFW rule $newid\n");
>>                 }
>>
>>                 # Fill in the e-mail template
>>                 open(EMAILB,"/usr/local/libexec/templ_email.tpl") || die ("Erreur d'ouverture de EMAILB") ;
>>                 while (<EMAILB>) {
>>                         $_ =~ s/PARA1/$sourceIP/g;
>>                         $_ =~ s/PARA2/$serverIP/g;
>>                         $_ =~ s/PARA3/$newid/g;
>>                         push (@body,$_);
>>                 }
>>
>>                 close(EMAILB);
>>
>>                 # Create a MIME::Lite object with the message headers
>>                 my $message = MIME::Lite->new(
>>                         From       => 'OpenSIPS <noreply at hexanet.fr>',
>>                         To         => '',
>>                         Subject    => "$subject",
>>                         "X-Mailer" => 'OpenSIPS',
>>                         Type       => 'text/html',
>>                         Data       => "@body",
>>                 );
>>
>>                 if($message->send()){
>>                         print LOGFILE "$date INFO : Mail envoye pour blocage IP $sourceIP\n";
>>                         log(L_INFO, "SIP Flooding, mail has been sent\n");
>>                 }
>>         }
>>
>>         # Close the log on every path, not only when a rule was added
>>         close LOGFILE ;
>>
>>     return 1;
>> }
>>
>> bye
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>
>
> --
> Muhammad Shahzad
> -----------------------------------
> CISCO Rich Media Communication Specialist (CRMCS)
> CISCO Certified Network Associate (CCNA)
> Cell: +49 176 99 83 10 85
> MSN: shari_786pk at hotmail.com
> Email: shaheryarkh at googlemail.com
>
>
>


-- 
Roberto Spadim
SPAEmpresarial
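
The log-then-block-out-of-band approach from this message, as an added example that is not part of the original thread: a scanner that reads the pike log line quoted above outside the SIP request path, validates and de-duplicates the addresses, and builds the firewall commands. The function names, sample log lines, allowlist and the iptables rule form are assumptions made for illustration.

```python
import ipaddress
import re

# Matches the text of the xlog("L_WARN", ...) call in the script block quoted above.
PIKE_RE = re.compile(r"PIKE_CHECK_REQ banned IP (\S+) because of flooding requests")

# Constructed sample log lines (documentation address ranges, invented syslog prefix).
SAMPLE_LOG = [
    "Mar  6 20:48:01 sip1 opensips[2211]: PIKE_CHECK_REQ banned IP 203.0.113.7 because of flooding requests",
    "Mar  6 20:48:01 sip1 opensips[2211]: PIKE_CHECK_REQ banned IP 203.0.113.7 because of flooding requests",
    "Mar  6 20:48:02 sip1 opensips[2211]: PIKE_CHECK_REQ banned IP 192.0.2.10 because of flooding requests",
    "Mar  6 20:48:03 sip1 opensips[2213]: PIKE_CHECK_REQ banned IP 198.51.100.23 because of flooding requests",
    "Mar  6 20:48:04 sip1 opensips[2213]: PIKE_CHECK_REQ banned IP 999.1.1.1 because of flooding requests",
    "Mar  6 20:48:05 sip1 opensips[2212]: Fonction perl_exec PIKE OK",
    "Mar  6 20:48:06 sip1 opensips[2212]: PIKE_CHECK_REQ banned IP 2001:db8::5 because of flooding requests",
]


def offenders(log_lines, allowlist=(), already_blocked=()):
    """Return unique, validated source IPs from pike log lines, in first-seen order."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    seen = {ipaddress.ip_address(a) for a in already_blocked}
    result = []
    for line in log_lines:
        m = PIKE_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an IP literal: never hand it to the firewall
        # pike logs once per rejected request, so the same IP repeats many times
        if ip in seen or any(ip in net for net in allowed):
            continue
        seen.add(ip)
        result.append(ip)
    return result


def iptables_commands(ips):
    """Build argv lists (no shell) for the block rules; the caller decides whether to run them."""
    return [["iptables" if ip.version == 4 else "ip6tables",
             "-I", "INPUT", "-s", str(ip), "-j", "DROP"] for ip in ips]


if __name__ == "__main__":
    for cmd in iptables_commands(offenders(SAMPLE_LOG, allowlist=["192.0.2.0/24"])):
        print(" ".join(cmd))
```

Because the scanner runs in its own process, a slow firewall or mail call delays only the ban, not the handling of other SIP requests.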