Hi Santi,
The remove_latency is not about "unblocking" the node, but for how slow
the nodes should be removed from IP tree, if there are not hits (this is
something that controls the collapsing of the tree if there is no
traffic/hits).
The node will stay BLOCK as time as there is traffic (as volume) to
match the "blocking" condition. As soon as the traffic goes away and the
condition fails, the node is unblocked.
I agree that the naming is not the best, neither the explanations in the
docs :P...
The idea here is to have pike module as a way of detecting (the flooding
srcs) and not as a tool to manage the blocking. For such purposes you
can use dedicated tools like file2ban.
Best regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
https://www.siphub.com
On 06.09.2024 15:22, Santi Antón wrote:
Hello,
I’m using pike module with this module configuration.
loadmodule "pike.so"
modparam("pike", "sampling_time_unit", 5)
modparam("pike", "reqs_density_per_unit", 10)
modparam("pike", "remove_latency", 3600)
The module detects the DoS, but 6-8 seconds later unblock the source
IP when it is set to last 1h, where I’m going wrong?
I’ve tried different “remove_latency” values with the same results.
The log shows it.
Sep 5 18:30:32 voiptfm /usr/sbin/opensips[660915]: INFO:PIKE -
BLOCKing ip 172.16.53.12, node=0x7f93ec486bc8
Sep 5 18:30:38 voiptfm /usr/sbin/opensips[660934]: INFO:PIKE -
UNBLOCKing node 0x7f93ec486bc8
Sep 5 18:30:55 voiptfm /usr/sbin/opensips[660916]: INFO:PIKE -
BLOCKing ip 172.16.53.12, node=0x7f93ec486bc8
Sep 5 18:31:03 voiptfm /usr/sbin/opensips[660934]: INFO:PIKE -
UNBLOCKing node 0x7f93ec486bc8
Sep 6 13:36:08 voiptfm /usr/sbin/opensips[669077]: INFO:PIKE -
BLOCKing ip 172.16.53.12, node=0x7f2727f97448
Sep 6 13:36:13 voiptfm /usr/sbin/opensips[669092]: INFO:PIKE -
UNBLOCKing node 0x7f2727f97448
Salutacions/Saludos,
*Santi Antón*
*Responsable de operaciones***
*Tel. 902 520 520 - Ext. 106*
[email protected] <mailto:[email protected]>
*902 520 520*
www.quarea.com <http://www.quarea.com/>
*Quarea ITC Management & Consulting*
Su experto en Redes Voz-Datos IP:
Asterisk, Cisco, Polycom, Sangoma
//
//
//
//
//
//
//
//
//
//
/En compliment del que es disposa en l'article 13 del Reglament (UE)
2016/679, relatiu a la Protecció de Dades de Caràcter Personal, QUAREA
ITC MANAGEMENT & CONSULTING, SL garanteix la confidencialitat de les
dades personals dels seus clients. Li comuniquem que la seva adreça de
correu electrònic forma part d'una base de dades gestionada sota la
responsabilitat de QUAREA ITC MANAGEMENT & CONSULTING, SL, amb l'única
finalitat de prestar-li els serveis per vostè sol·licitats, per la
seva condició de client, proveïdor, o perquè ens hagi sol·licitat
informació en algun moment. Les dades seran conservades durant el
temps necessari per poder prestar-li els nostres serveis i complir amb
les nostres obligacions legals. És voluntat de QUAREA ITC MANAGEMENT &
CONSULTING, SL, evitar l'enviament deliberat de correu no sol·licitat,
per la qual cosa podrà a tot moment, exercitar els seus drets d'accés,
rectificació, supressió, limitació del seu tractament, oposició i
portabilitat de les seves dades de caràcter personal mitjançant el
correu electrònic //[email protected]/ <mailto:[email protected]>
/En cumplimiento de lo dispuesto en el artículo 13 del Reglamento (UE)
2016/679, relativo a la Protección de Datos de Carácter Personal,
QUAREA ITC MANAGEMENT & CONSULTING, SL garantiza la confidencialidad
de los datos personales de sus clientes. Le comunicamos que su
dirección de correo electrónico forma parte de una base de datos
gestionada bajo la responsabilidad de QUAREA ITC MANAGEMENT &
CONSULTING, SL, con la única finalidad de prestarle los servicios por
usted solicitados, por su condición de cliente, proveedor, o porque
nos haya solicitado información en algún momento. Los datos serán
conservados durante el tiempo necesario para poder prestarle nuestros
servicios y cumplir con nuestras obligaciones legales. Es voluntad de
QUAREA ITC MANAGEMENT & CONSULTING, SL, evitar el envío deliberado de
correo no solicitado, por lo cual podrá en todo momento, ejercitar sus
derechos de acceso, rectificación, supresión, limitación de su
tratamiento, oposición y portabilidad de sus datos de carácter
personal mediante el correo electrónico //[email protected]/
<mailto:[email protected]>
/In compliance with the provisions of Article 13 of Regulation (EU)
2016/679, regarding the Protection of Personal Data, QUAREA ITC
MANAGEMENT & CONSULTING, SL guarantees the confidentiality of the
personal data of his customers. We inform you that your email address
is part of a managed database under the responsibility of QUAREA ITC
MANAGEMENT & CONSULTING, SL, for the sole purpose of providing the
services requested by you, as a client, supplier, or because we have
requested information at some time. The data will be kept for the time
necessary to provide our services and comply with our legal
obligations. It is the will of QUAREA ITC MANAGEMENT & CONSULTING, SL,
to avoid the deliberate sending of unsolicited mail, so that it may,
at any time, exercise your rights of access, rectification, removal,
limitation of his treatment, opposition and portability of his
personal data through the email //[email protected]/
<mailto:[email protected]>
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
