[OpenSIPS-Users] pike & exec & iptables

Liviu Chircu liviu at opensips.org
Thu May 24 02:15:23 EDT 2018


Nice! I noticed your blog post as well :)

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 24.05.2018 07:56, Alexey K. via Users wrote:
> Done.
>
> 1.  ipset create SIPFLOOD hash:ip timeout 120 comment
>
> 2.  iptables -A INPUT -m set --match-set SIPFLOOD src -j DROP
>
> 3. add to /etc/sudoers:
> opensips ALL= NOPASSWD: /sbin/ipset
>
> 4. OpenSIPS config (OPTIONS processing for test environment):
>
> #### exec
> loadmodule "exec.so"
>
> #### antiflood module
> loadmodule "pike.so"
> modparam("pike", "sampling_time_unit", 2)
> modparam("pike", "reqs_density_per_unit", 10)
> modparam("pike", "remove_latency", 120)
>
> ...
>
> if(is_method("OPTIONS")) {
>
>      pike_check_req();
>      switch($retcode) {
>          case -2:    # detected once - simply drop the request
>              exit;
>          case -1:    # detected again - ban the IP and drop request
>              exec("/usr/bin/sudo ipset -exist add SIPFLOOD $si");
>              exit;
>      }
>
>      sl_send_reply("200", "OK");
>      exit;
> }
>
> 5. Test with sipp. Generate 70 requests (-r) in 2 seconds (-rp 2000) and exit sipp after sending 70 requests (-m):
>
> sipp 172.16.0.222 -r 70 -rp 2000 -m 70 -sf OPTIONS.xml
>
>   
> OPTIONS.xml contents:
>
>
> <?xml version="1.0" encoding="us-ascii"?>
> <scenario name="Options">
> <send>
> <![CDATA[
> OPTIONS sip:[service]@[remote_ip] SIP/2.0
> Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
> Max-Forwards: 70
> To:<sip:[service]@[remote_ip]>
> From: sipp<sip:sipp@[local_ip]:[local_port]>;tag=[call_number]
> Call-ID: [call_id]
> CSeq: 1 OPTIONS
> Contact:<sip:sipp@[local_ip]:[local_port]>
> Accept: application/sdp
> Content-Length: 0
> ]]>
> </send>
> </scenario>
>
>
> 6. Profit:)
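
The sudoers entry in step 3 allows the opensips user to run every ipset subcommand as root (flush, destroy, del and so on), not just the one "add" that the script needs. The wrapper below is an added example, not part of the original post or of OpenSIPS: it permits only "add this IPv4 address to SIPFLOOD". The script name, its install path and the IPSET_BIN override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical install path:
#   /usr/local/sbin/sipflood-ban, owned by root, mode 0755
# Assumed sudoers line replacing step 3:
#   opensips ALL= NOPASSWD: /usr/local/sbin/sipflood-ban
# Assumed script call replacing the exec() in step 4:
#   exec("/usr/bin/sudo /usr/local/sbin/sipflood-ban $si");

SET_NAME="SIPFLOOD"                      # set created in step 1
IPSET_BIN="${IPSET_BIN:-/sbin/ipset}"    # overridable for testing

# Return 0 only for a strict dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # bad chars, stray or doubled dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                            # split into octets (digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ????*|0?*) return 1 ;;       # too long, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Add one validated address to the fixed set; nothing else is reachable.
ban_ip() {
    if ! is_ipv4 "$1"; then
        echo "sipflood-ban: refusing non-IPv4 argument" >&2
        return 2
    fi
    "$IPSET_BIN" -exist add "$SET_NAME" "$1"
}

# Act as a command only when called with an argument, so the file can
# also be sourced to exercise the functions.
if [ "$#" -gt 0 ]; then
    ban_ip "$1"
    exit $?
fi
```

The set from step 1 is created without a family option, so it holds IPv4 addresses only; that is why the wrapper rejects everything else.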
