Hi Flavio,
On 11/03/2010 06:23 PM, Flavio Goncalves wrote:
Hi Saul,
I did like your solution. My only concern about Pike was to block
legitimate traffic. A SIP dialer can easily get to the pike threshold,
but doing pike_check_req() just for register, options and bye requests
seems to avoid this.
The only "but" is, the attack can also be done using INVITE and using
Pike with INVITE can make you drop legitimate traffic, my initial
concern. I think, that detecting authentication requests with wrong
passwords or inexistent users is still the most generic solution. Just
an opinion.
Of course, pike is not a solution alone. I've also seen pik ekick in if
you have too many MESSAGEs stored on msilo for example. Different
techniques need to be used in order to cover most of the cases, as you
pointed out.
Regards,
--
Saúl Ibarra Corretgé
AG Projects
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
