Saúl Ibarra Corretgé wrote: > On 11/03/2010 04:00 PM, Hung Nguyen wrote: > >> Hi all, thanks for reply. >> >> I have tested with pike module. It is very simple. >> >> ------ >> modparam("pike", "sampling_time_unit", 3) >> modparam("pike", "reqs_density_per_unit", 20) >> >> if (method = 'REGISTER | OPTION | BYE') { >> if (!pike_check_req()) { >> #TODO: do anything if you want >> drop(); >> exit; >> } >> } >> ------ >> >> I tested with sipvicious, about 5 second pike detect flood => drop >> packet or send 200 OK for register (svcrash.py will stop). >> You can be blook flooding with any method. >> >> > > Take into account that with pike module you are dropping the packets at > the application level, but they still enter the system. As the pike > module also generates syslog messages, you may want to use them in > combination with some other tool in order to block the traffic with > iptables, for example. > Actually the pike module is not taking any action - it simply implements a detection mechanism - you need to do your own actions when flood is reported ; you can integrate the pike detection and reporting with other protection tools, like when pike detects a flood attack , use iptables to ban the IP.
Regards, Bogdan -- Bogdan-Andrei Iancu OpenSIPS Bootcamp 15 - 19 November 2010, Edison, New Jersey, USA www.voice-system.ro _______________________________________________ Users mailing list Users@lists.opensips.org http://lists.opensips.org/cgi-bin/mailman/listinfo/users