Hello,
we are running kamailio 1.4.
Some days ago one of our subscribers SIP phone went crazy and
bombarded our proxy with thousands of REGISTER requests. Actually, it
didn't wait for any response of the proxy, it just kept sending
REGISTER messages (same packet always). Since we are running with
nonce_reuse disabled, it stalled the server due to "auth:challenge:
failed to generate nonce".
I don't have the whole figure but the packet capture I inspected
showed that the terminal sent more than 200 thousand REGISTER messages
in 15 seconds.
We may not be able to replace those terminals at this moment. So to
avoid this problem to happen again, we enabled nonce_reuse. However
this only will solve the nonce problem but still we will have a lot of
hits to database.
So I was thinking, maybe I should create a transaction before sending
the challenge so that REGISTER retransmissions would be absorbed. I
was thinking in doing something like this:
if (!proxy_authorize("", "subscriber")) {
t_newtran();
proxy_challenge("", "0");
exit;
}
Does anyone see any problem/shortcoming with this?
regards,
takeshi
_______________________________________________
Kamailio (OpenSER) - Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
http://lists.openser-project.org/cgi-bin/mailman/listinfo/users