Hello Daniel,

I've tested according to your suggessions but No Luck. I've configured to block for 10 minutes and its working but not works for 2 hours. Please help me with your comments.

Thanks, ARIF

-----Original Message----- From: users-bounces@lists.kamailio.org [mailto:users-bounces@lists.kamailio.org] On Behalf Of Daniel-Constantin Mierla Sent: Tuesday, October 14, 2008 3:05 PM To: Arif-Uz-Zaman Cc: users@lists.kamailio.org Subject: Re: [Kamailio-Users] How to handle DoS attack and OpenSER Pikemodule!

Hello,

On 10/14/08 09:32, Arif-Uz-Zaman wrote:

Hi all, I need to bother about crazy client by considering "Flood" detection technique. I can do it by using OpenSER Pike http://kamailio.org/docs/modules/1.2.x/pike.html module which helps to keep trace of all (or selected ones) incoming request's IP source and blocks the ones that exceeded some limit.

In my case: If the number of SIP messages from a single IP address to my SIP Proxy exceeds *200* per minute. Recommended action: Block IP for 2 hours.

I tried with the pike module but I'm little bit confused with sampling, density, and timeout value.

Please help me with example configuration by considering my point.

have you tried:

modparam("pike", "sampling_time_unit", 60) modparam("pike", "reqs_density_per_unit", 200) modparam("pike", "remove_latency", 7200)

Cheers, Daniel

-- Daniel-Constantin Mierla http://www.asipto.com

_______________________________________________ Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users