[OpenSIPS-Users] Opensips 2.5 and fraud module

Liviu Chircu liviu at opensips.org
Tue Apr 3 11:26:23 EDT 2018


Hmmm... indeed, the "sequential calls" only reset if you dial a 
different number.

If the other stats reset at midnight/interval change, I don't see why 
this specific one should be different. To me, it looks like a bug. Do 
you agree?

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 03.04.2018 16:49, Denis via Users wrote:
> Hello Liviu!
> I am sorry, i totally missed one important thing - serial forking)))
> I.e. i had 52 records in accounting, but several of them leads to one 
> call.
> As a result i had exactly 29 calls before fraud module became block 
> subsequent calls.
> About counters reset i understood. Thank you.
> The last question about "sequential_calls". This counter does not 
> reset? Even in manual mode?
> Thank you.
> -- 
> С уважением, Денис.
> Best regards, Denis
> 03.04.2018, 15:30, "Liviu Chircu" <liviu at opensips.org>:
>>
>> Hi Denis,
>>
>> Regarding the "52 calls" vs. 25/30 limits, are you sure all 52 calls 
>> were made by the same user? Keep in mind that all fraud_detection 
>> module stats are per-user counters, and not global counters. If they 
>> really were all made by the same user, please let me know and I will 
>> double-check my tests.
>>
>> The "cpm", "total_calls" and "concurrent_calls" reset either on an 
>> interval change or at midnight (new day ahead). This leads to a 
>> possible undetected abuse of up to 2x your provisioned "cpm", 
>> "total_calls" or "concurrent_calls", if the malicious user places 
>> "limit - 1" events before the reset, followed by another "limit - 1" 
>> events past the reset. If this is too much for you, then your 
>> provisioned limits (thresholds) are incorrect, and you should simply 
>> cut them in half.
>>
>> Best regards,
>>
>> Liviu Chircu
>> OpenSIPS Developer
>> http://www.opensips-solutions.com <http://www.opensips-solutions.com/>
>> On 22.03.2018 09:59, Denis via Users wrote:
>>> Hello!
>>> Is there any idea about the problem?
>>> Thank you.
>>> -- 
>>> С уважением, Денис.
>>> Best regards, Denis
>>> 16.03.2018, 15:22, "Denis via Users" <users at lists.opensips.org> 
>>> <mailto:users at lists.opensips.org>:
>>>> Hello!
>>>> I am sorry that it was early, but anyway.
>>>> Server:: OpenSIPS (2.2.5 (x86_64/linux))
>>>> Fraud_module has been activated.
>>>> Profile data
>>>> 17.02.18 20:55 Opensips received first fraud call.
>>>> And before Opensips detected fraud there were 52 yet calls to 810 
>>>> prefix.
>>>> First question is why it didn`t detected fraud early (dialing with 
>>>> total_calls, for example)?
>>>> Then.
>>>> Till the end of 17.02 Opensips blocked the calls from client to 
>>>> 810, but in 18.02 i can see success fraud calls to 810 from the 
>>>> client again.
>>>> Second question is why? Opensips resets count every new day?
>>>> Thank you.
>>>> -- 
>>>> С уважением, Денис.
>>>> Best regards, Denis
>>>> ,
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>> ,
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20180403/120462d9/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 7209 bytes
Desc: not available
URL: <http://lists.opensips.org/pipermail/users/attachments/20180403/120462d9/attachment.png>


More information about the Users mailing list