13 Dec
2006
13 Dec
'06
2:20 p.m.
Hi,
i want to use pike module to avoid brute-force attack on Register.
are the values of the parameters expressed in seconds?
it seems that there is a problem because i've set:
modparam("pike", "sampling_time_unit", 30)
modparam("pike", "reqs_density_per_unit", 10)
modparam("pike", "remove_latency", 600)
and the routing logic is:
if (method=="REGISTER") {
# Checks brute-force attacks
if (!pike_check_req()) {
sl_send_reply("403", "Too many
attempts!");
break;
};
if (!www_authorize("caspur.it", "subscriber"))
{
www_challenge("caspur.it", "0");
break;
};
save("location");
break;
};
but when I reach the limit it blocks the requests only for less than 1
minute...
where is the mistake?any idea?
thanks,
Stefano
14 Dec
14 Dec
12:12 p.m.
Hi Stefano,
as the docs say:
http://www.openser.org/docs/modules/1.2.x/pike.html#AEN77
the remove_latency is the time interval the node will be kept in memory
for (before being removed). It has nothing to do with the interval the
node is considered red (blocking).
The fact the node stays in memory will lead to a faster "red" detection
as the IP will not be expanded again.
regards,
bogdan
Stefano Capitanio wrote:
Hi,
i want to use pike module to avoid brute-force attack on Register.
are the values of the parameters expressed in seconds?
it seems that there is a problem because i've set:
modparam("pike", "sampling_time_unit", 30)
modparam("pike", "reqs_density_per_unit", 10)
modparam("pike", "remove_latency", 600)
and the routing logic is:
if (method=="REGISTER") {
# Checks brute-force attacks
if (!pike_check_req()) {
sl_send_reply("403", "Too many
attempts!");
break;
};
if (!www_authorize("caspur.it", "subscriber"))
{
www_challenge("caspur.it", "0");
break;
};
save("location");
break;
};
but when I reach the limit it blocks the requests only for less than 1
minute...
where is the mistake?any idea?
thanks,
Stefano
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
12:19 p.m.
Hi Bogdan,
so what can I do if I want to block for 10 minutes the requests coming
from the IP address that excedeed the limit?
thanks for your help,
Stefano
Bogdan-Andrei Iancu ha scritto:
Hi Stefano,
as the docs say:
http://www.openser.org/docs/modules/1.2.x/pike.html#AEN77
the remove_latency is the time interval the node will be kept in
memory for (before being removed). It has nothing to do with the
interval the node is considered red (blocking).
The fact the node stays in memory will lead to a faster "red"
detection as the IP will not be expanded again.
regards,
bogdan
Stefano Capitanio wrote:
Hi,
i want to use pike module to avoid brute-force attack on Register.
are the values of the parameters expressed in seconds?
it seems that there is a problem because i've set:
modparam("pike", "sampling_time_unit", 30)
modparam("pike", "reqs_density_per_unit", 10)
modparam("pike", "remove_latency", 600)
and the routing logic is:
if (method=="REGISTER") {
# Checks brute-force attacks
if (!pike_check_req()) {
sl_send_reply("403", "Too many
attempts!");
break;
};
if (!www_authorize("caspur.it", "subscriber"))
{
www_challenge("caspur.it", "0");
break;
};
save("location");
break;
};
but when I reach the limit it blocks the requests only for less than
1 minute...
where is the mistake?any idea?
thanks,
Stefano
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users
12:22 p.m.
Stefano,
no too much at the moment :(..but please open a Feature Request on the
project's tracker and I will take a look to see how difficult is to add
a new param to set a blocking period of time.
regards,
bogdan
Stefano Capitanio wrote:
Hi Bogdan,
so what can I do if I want to block for 10 minutes the requests coming
from the IP address that excedeed the limit?
thanks for your help,
Stefano
Bogdan-Andrei Iancu ha scritto:
> Hi Stefano,
>
> as the docs say:
> http://www.openser.org/docs/modules/1.2.x/pike.html#AEN77
> the remove_latency is the time interval the node will be kept in
> memory for (before being removed). It has nothing to do with the
> interval the node is considered red (blocking).
>
> The fact the node stays in memory will lead to a faster "red"
> detection as the IP will not be expanded again.
>
> regards,
> bogdan
>
> Stefano Capitanio wrote:
>
>> Hi,
>>
>> i want to use pike module to avoid brute-force attack on Register.
>> are the values of the parameters expressed in seconds?
>> it seems that there is a problem because i've set:
>> modparam("pike", "sampling_time_unit", 30)
>> modparam("pike", "reqs_density_per_unit", 10)
>> modparam("pike", "remove_latency", 600)
>>
>> and the routing logic is:
>> if (method=="REGISTER") {
>> # Checks brute-force attacks
>> if (!pike_check_req()) {
>> sl_send_reply("403", "Too many
>> attempts!");
>> break;
>> };
>> if (!www_authorize("caspur.it",
"subscriber")) {
>> www_challenge("caspur.it",
"0");
>> break;
>> };
>> save("location");
>> break;
>> };
>>
>> but when I reach the limit it blocks the requests only for less than
>> 1 minute...
>> where is the mistake?any idea?
>>
>> thanks,
>> Stefano
>>
>> _______________________________________________
>> Users mailing list
>> Users(a)openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/users
>>
>
6553
days inactive
6554
days old
3 comments
2 participants
participants (2)
-
Bogdan-Andrei Iancu -
Stefano Capitanio