Hi,
I want to use the pike module to avoid brute-force attacks on REGISTER. Are the values of the parameters expressed in seconds? It seems that there is a problem, because I've set:

    modparam("pike", "sampling_time_unit", 30)
    modparam("pike", "reqs_density_per_unit", 10)
    modparam("pike", "remove_latency", 600)

and the routing logic is:

    if (method=="REGISTER") {
        # Checks brute-force attacks
        if (!pike_check_req()) {
            sl_send_reply("403", "Too many attempts!");
            break;
        };
        if (!www_authorize("caspur.it", "subscriber")) {
            www_challenge("caspur.it", "0");
            break;
        };
        save("location");
        break;
    };

but when I reach the limit it blocks the requests only for less than 1 minute... Where is the mistake? Any idea?

thanks, Stefano

Hi Stefano,
as the docs say (http://www.openser.org/docs/modules/1.2.x/pike.html#AEN77), the remove_latency is the time interval the node will be kept in memory for (before being removed). It has nothing to do with the interval the node is considered red (blocking).
The fact the node stays in memory will lead to a faster "red" detection as the IP will not be expanded again.
regards, bogdan
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users
Hi Bogdan,
so what can I do if I want to block for 10 minutes the requests coming from the IP address that exceeded the limit?
thanks for your help, Stefano
Stefano,
Not too much at the moment :(... but please open a Feature Request on the project's tracker and I will take a look to see how difficult it is to add a new param to set a blocking period of time.
regards, bogdan
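
The distinction discussed in this thread, as an added Python model (not OpenSER or pike code, and not part of the original messages): a window-based detector refuses a source only while it is over the threshold in the current window, whereas a 10-minute block needs its own expiry per IP. The class names, `BLOCK_PERIOD` and the sample IP are assumptions; 30 and 10 are the values from the configuration above.

```python
from collections import defaultdict

SAMPLING_TIME_UNIT = 30     # seconds, value used in the thread
REQS_DENSITY_PER_UNIT = 10  # requests per window, value used in the thread
BLOCK_PERIOD = 600          # hypothetical parameter: the 10-minute block asked for

class WindowLimiter:
    """Simplified model: refuse an IP only while its request count in the
    current sampling window is above the threshold."""
    def __init__(self, unit=SAMPLING_TIME_UNIT, limit=REQS_DENSITY_PER_UNIT):
        self.unit, self.limit = unit, limit
        self.hits = defaultdict(int)  # (ip, window index) -> request count

    def allow(self, ip, now):
        key = (ip, int(now // self.unit))
        self.hits[key] += 1
        return self.hits[key] <= self.limit

class BlockingLimiter(WindowLimiter):
    """Same detector, plus an explicit block period per offending IP."""
    def __init__(self, block_period=BLOCK_PERIOD, **kw):
        super().__init__(**kw)
        self.block_period = block_period
        self.blocked_until = {}  # ip -> time at which the block expires

    def allow(self, ip, now):
        if now < self.blocked_until.get(ip, 0):
            return False  # still inside the block period, not even counted
        if not super().allow(ip, now):
            self.blocked_until[ip] = now + self.block_period
            return False
        return True

def first_allowed_after_burst(limiter, ip="192.0.2.10", burst=15,
                              probe_every=5, horizon=1200):
    """Constructed traffic: `burst` requests at 1 per second from t=0, then
    one probe every `probe_every` seconds. Returns the time of the first
    probe that is accepted again, or None if none is within `horizon`."""
    for t in range(burst):
        limiter.allow(ip, t)
    for t in range(burst, horizon, probe_every):
        if limiter.allow(ip, t):
            return t
    return None

if __name__ == "__main__":
    print("window only:", first_allowed_after_burst(WindowLimiter()))
    print("with block period:", first_allowed_after_burst(BlockingLimiter()))
```
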