Colin Anderson wrote:
How about a combination of GotoIF, and app_dbodbc (or app_db):


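exten => 700,1,Playback(ddos-on)
exten => 700,2,DBput(DDOS/yes=1)       ; family/key=value; any value marks DDOS mode as on


exten => 701,1,Playback(ddos-off)
exten => 701,2,DBdel(DDOS/yes)


[mymainaa]
; DBget jumps to priority n+101 (here 102) when the key is not found
exten => s,1,DBget(TRUE=DDOS/yes)
exten => s,2,NoOp(do this)             ; key present: DDOS mode is on


exten => s,102,NoOp(do something else) ; key absent: normal path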


My comment: Good suggestion, but requires user intervention. I'm lazy and I
want it to be totally transparent. I'm not available most of the time and
training someone to do it is not reliable, even my MCSE monkey would have
trouble figuring out that we are being DoS'd (NOT my hire!)

-and-


Primary * box detects DDOS -> runs:


asterisk -rx "database put PANIC DDOS YES"


and have your dialplan look for that database family/key being set to
determine which path it takes.


When the primary * box detects that the DDOS is over -> runs:


asterisk -rx "database del PANIC DDOS"


My comment: Better suggestion, and looks to be workable. What would be a
good way to detect latency? A cron job that pings a known host with, say, 2K
of data and pipes it back to a shell script? If so, what kind of frequency
would be considered effective? Every 30 seconds, 1 minute?

His suggestion was basically the same thing, only in mine you would dial an extension to "activate" DDOS mode instead of running the database put from the command line.


How about monitoring your hosts with "iax2/sip show peers" and parsing that output with a cron job? The ping thing looks like it would be more of a problem than anything else.

OR you could run Snort and have it "detect" the DDOS somehow... Not a Snort expert, but it has to be doable.

Are these inbound or outbound calls? (both?) I am pretty confused about all of this...

--
Kristian Kielhofner
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users
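
The cron approach suggested in the reply above (parse "sip show peers" and set the PANIC/DDOS key automatically), as an added example that is not part of the original thread. The function names, the 50% threshold, the --cron switch and the sample peer table are assumptions made for illustration; it also assumes peers are configured with qualify= so that the Status column is populated.

```shell
#!/bin/sh
# Added example (not from the thread): derive the PANIC/DDOS flag from
# "sip show peers" output instead of having a person set it.
# Assumption: peers use qualify=, so Status reads OK/LAGGED/UNREACHABLE.

# Constructed sample of "sip show peers" output (documentation addresses).
sample_peers() {
    cat <<'EOF'
Name/username    Host            Dyn Nat ACL Port     Status
carrier-a        192.0.2.10                  5060     OK (34 ms)
carrier-b        192.0.2.11                  5060     LAGGED (2340 ms)
office-gw        192.0.2.12       D          5060     UNREACHABLE
softphone1       (Unspecified)    D   N      0        Unmonitored
4 sip peers [3 online , 1 offline]
EOF
}

# Reads the peer table on stdin; $1 = percent of monitored peers that must
# be degraded. Prints YES, NO, or UNKNOWN (no monitored peers seen, e.g. the
# CLI returned nothing), so an empty reply never flips the flag.
peer_health() {
    awk -v pct="${1:-50}" '
        /[ \t]UNREACHABLE/ || /[ \t]LAGGED \([0-9]+ ms\)/ { bad++; total++; next }
        /[ \t]OK \([0-9]+ ms\)/ { total++ }
        END {
            if (total == 0) { print "UNKNOWN"; exit }
            state = (bad * 100 >= pct * total) ? "YES" : "NO"
            print state
        }'
}

# Maps a state to the CLI command quoted earlier in the thread.
state_command() {
    case "$1" in
        YES) echo "database put PANIC DDOS YES" ;;
        NO)  echo "database del PANIC DDOS" ;;
        *)   return 1 ;;   # UNKNOWN: leave the flag as it is
    esac
}

# Cron entry point: run as "script --cron"; the 50% threshold is an assumption.
if [ "${1:-}" = "--cron" ]; then
    state=$(asterisk -rx "sip show peers" | peer_health 50)
    if cmd=$(state_command "$state"); then
        asterisk -rx "$cmd"
    fi
fi
```

Unmonitored peers are ignored on purpose: they carry no latency information, so counting them would dilute the ratio.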
