I need to bother about crazy clients by considering a “Flood” detection technique. I can do it by using the OpenSER Pike module, which helps to keep trace of all (or selected) incoming requests' IP sources and blocks the ones that exceed some limit.
In my case: If the number of SIP messages from a single IP address to my SIP Proxy exceeds 100 per minute. Recommended action: Block IP for 12 hours.
I tried the pike module, but I’m a little bit confused by the sampling, density, and timeout values.
Please help me with an example configuration, considering my point.
Thanks,
ARIF
Hi Arif,
Sampling and density define how many requests per timeout should trigger the request - reqs_density_per_unit / sampling_time_unit - in your case it is 100 req / 60 seconds.
Remove_latency says how much time to wait until cancelling the flood report.
See http://www.opensips.org/html/docs/modules/devel/pike.html
Regards,
Bogdan
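
A configuration sketch that maps the numbers from the question onto the three pike parameters as the reply describes them. It is an added example, not posted by either participant; it assumes the parameters take seconds, that `pike.so` is reachable through the configured module path, and that `remove_latency` is the value to set for the 12-hour hold.

```cfg
# Added example (not from the thread). Assumes pike.so is found via the
# configured module path and that all time values are in seconds.
loadmodule "pike.so"

# Sampling window: 60 seconds ("per minute" in the question).
modparam("pike", "sampling_time_unit", 60)

# Requests allowed from one source IP within one sampling window.
modparam("pike", "reqs_density_per_unit", 100)

# How long pike keeps the entry for an IP after its last request,
# i.e. how long to wait before the flood report is cancelled.
# 12 hours = 12 * 3600 = 43200 seconds (assumed mapping of the "block for 12 hours" goal).
modparam("pike", "remove_latency", 43200)

route {
    # Run the flood check first, before any other processing,
    # so that flooding sources cost as little as possible.
    if (!pike_check_req()) {
        # $si = source IP, $rm = SIP method of the offending request
        xlog("L_WARN", "pike: flood detected from $si, dropping $rm\n");
        exit;
    }

    # ... normal request routing continues here ...
}
```

The pike documentation notes that the practical blocking limit lies between x and 3*x requests for IPv4 sources (x being `reqs_density_per_unit`), so 100 is a lower bound for when blocking starts, not an exact cut-off. A large `remove_latency` also keeps every tracked IP in memory for that long, which is worth watching on a busy proxy.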