On Wed, Aug 14, 2019 at 04:55, Daniel Tryba (d.tryba(a)pocos.nl) wrote:
On Tue, Aug 13, 2019 at 03:57:36PM -0430, PICCORO McKAY Lenz wrote:
# this is my setup for pike due to the dynamic IP and devices over the internet:
modparam("pike", "sampling_time_unit", 4)
modparam("pike", "reqs_density_per_unit", 80)
modparam("pike", "remove_latency", 60)

With the above settings a client will be banned if it sends more than 80
messages per 4s. And IP addresses will be tracked by pike for at max 60s
after the last request.

Thanks a lot, the language barrier confused everything; you confirmed to me
that pike is only a tool to properly ban with htable. Thanks a lot.
But now I have a doubt, please guide me with that:

Whether the config is good depends on the behavior of your clients. A
simple SIP phone will only send a couple of messages per second. A
multitenant machine can send many depending on the number of channels
and trunks configured (and the way it may REGISTER, e.g. asterisk tries
to REGISTER all trunks at the same time (sequentially))

You said: "A simple SIP phone will only send a couple of messages per
second"
So if I have that special case with dynamic IPs in clients, what would be
better to not confuse those clients with attack attempts?

Oh, also I put this for scanners:

if($ua =~ "friendly-scanner") {
    xlog("L_ALERT", "friendly scanning incoming $rm IP:$si:$sp - R:$ruri - F:$fu - T:$tu - UA:$ua - $rm\n");
    $sht(ipban=>$si) = 1;
    drop();
}

So I ban the IP where the friendly scanner comes from for a while, is that
correct?
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users(a)lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
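
Added example, not part of the original thread and not Kamailio code: one way to check recorded client traffic against the 80-messages-per-4s setting quoted above, to see which legitimate sources would trip it. It uses a simplified fixed-window count rather than pike's own algorithm; the function names, addresses and traffic are constructed for illustration.

```python
from collections import defaultdict

# Values taken from the pike modparam lines quoted in the thread.
SAMPLING_TIME_UNIT = 4        # seconds
REQS_DENSITY_PER_UNIT = 80    # messages allowed per sampling unit


def peak_per_window(events, unit=SAMPLING_TIME_UNIT):
    """events: iterable of (timestamp_seconds, source_ip).
    Returns {ip: highest message count in any fixed window of `unit` seconds}.
    Simplified model (assumption): fixed windows, not pike's internal logic."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, ip in events:
        counts[ip][int(ts // unit)] += 1
    return {ip: max(windows.values()) for ip, windows in counts.items()}


def would_exceed(events, unit=SAMPLING_TIME_UNIT, limit=REQS_DENSITY_PER_UNIT):
    """Sources whose peak window count is above `limit`, with that peak."""
    peaks = peak_per_window(events, unit)
    return {ip: peak for ip, peak in peaks.items() if peak > limit}


def constructed_traffic():
    """Constructed sample, not captured traffic (documentation-range addresses)."""
    events = []
    # A single SIP phone: 2 messages per second for 60 s.
    for i in range(120):
        events.append((i * 0.5, "192.0.2.10"))
    # A multi-tenant PBX registering 150 trunks back to back within 3 s.
    for i in range(150):
        events.append((20 + i * 0.02, "198.51.100.7"))
    # The same PBX afterwards: 5 messages per second of steady traffic.
    for i in range(200):
        events.append((30 + i * 0.2, "198.51.100.7"))
    return events


if __name__ == "__main__":
    events = constructed_traffic()
    over = would_exceed(events)
    for ip, peak in sorted(peak_per_window(events).items()):
        flag = "over limit" if ip in over else "ok"
        print(f"{ip}: peak {peak} msgs per {SAMPLING_TIME_UNIT}s ({flag})")
```

Feeding it timestamps and source addresses from your own logs shows how much headroom real clients have before a threshold is lowered or raised.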