Hi, yesterday I tried the pike module:
------------------------------------------------------------------------------------------------------------
modparam("pike", "sampling_time_unit", 10)
modparam("pike", "reqs_density_per_unit", 30)
modparam("pike", "remove_latency", 130)
route {
    ### pike
    if (!pike_check_req()) {
        xlog("pike module has detected IP abuse. Terminating message.\n");
        exit;
    };
    # Sanity Check Section
    ...
    ...
}
------------------------------------------------------------------------------------------------------------
I ran sipp and generated a lot of messages from my laptop to my OpenSer
server. After a while "pike_check_req()" returns FALSE and the message is
terminated. Ok.
But if during the sipp attack I make a call from my laptop softphone (same
public IP then), most of the time the call is accepted, even if I see the
xlog message (because of the sipp attack) and my IP is listed when doing:
~# openserctl fifo pike_list
How is this possible?
And another question: what exactly is the "remove_latency" parameter for? I read:
"For how long the IP address will be kept in memory after the last request
from that IP address. It's a sort of timeout value."
- Is it seconds or milliseconds?
- Does it mean the time that listed IPs will be "banned" (I mean the IPs
appearing in "openserctl fifo pike_list")?
I think it is not this because I put:
modparam("pike", "remove_latency", 9999999999999)
and the IP disappears from the listed IPs after a few seconds (10 - 20).
Thanks for any explanation. Regards.
--
Iñaki Baz Castillo
ibc(a)in.ilimit.es