Hi, yesterday I tried the pike module:
------------------------------------------------------------------------------------------------------------
modparam("pike", "sampling_time_unit", 10)
modparam("pike", "reqs_density_per_unit", 30)
modparam("pike", "remove_latency", 130)

route{

    ### pike
    if (!pike_check_req()) {
        xlog("pike module has detected IP abuse. Terminating message.\n");
        exit;
    };

    # Sanity Check Section
    ...
    ...
}
------------------------------------------------------------------------------------------------------------
I ran sipp and generated a lot of messages from my laptop to my OpenSer server. After a while "pike_check_req()" returns FALSE and the message is terminated. Ok.
But if during the sipp attack I make a call from my laptop softphone (same public IP then), most of the time the call is accepted, even though I see the xlog message (because of the sipp attack) and my IP is listed when doing:
~# openserctl fifo pike_list
How is this possible?
And another question: what exactly is the "remove_latency" parameter for? I read: "For how long the IP address will be kept in memory after the last request from that IP address. It's a sort of timeout value."
- Is it seconds or milliseconds?
- Does it mean the time that listed IPs will be "banned" (I mean the IPs appearing in "openserctl fifo pike_list")? I think it is not this, because I put: modparam("pike", "remove_latency", 9999999999999) and the IP disappears from the listed IPs after a few seconds (10 - 20).
Thanks for any explanation. Regards.