Hello,

I think the values based on your environment. 
The pike module is good if you can estimate the request volume per source ip (peer). 
The biggest challange is that if the peers are behind nat and you dont have baselines. 

We are using Kamailio as a registrar proxy for customer extensions, so we have IPs with small request rate and high volumes. 

We figured out a temporary whitelisting solution which is based on htables. If we got some okay registrations from one IP address, then we bypassing pike check from that IP for a while. Its not the best solution but it could be a way to temporary trust ip addresses which are not doing something bad traffic. 

Another possible solution imho is the ratelimit module, which is all about transactions not ip addresses. You can combine ratelimit with htables and you can implement something which are could be better and can be finer tunable than pike. 

Cheers,
Zoltan
Feladó: Benoit Panizzon <benoit.panizzon@imp.ch>
Elküldve: Thursday, April 27, 2023 4:07:55 PM
Címzett: sr-users@lists.kamailio.org <sr-users@lists.kamailio.org>
Tárgy: [SR-Users] Sensible values for pike mudule?
 
Hi

Before I go too deep into try and error, I guess others have been there
too.

What are sensible value you use for the pike module to detect /
mitigate abusive behavior, especially dictionary attacks?

Are there better solutions that the pike module?

Mit freundlichen Grüssen

-Benoît Panizzon-
--
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe: