I need to bother about crazy client by considering “Flood” detection technique. I can do it by using OpenSER Pike module which helps to keep trace of all (or selected ones) incoming request's IP source and blocks the ones that exceeded some limit.
In my case: If the number of SIP messages from a single IP address to my SIP Proxy exceeds 100 per minute. Recommended action: Block IP for 12 hours.
I tried with the pike module but I’m little bit confused with sampling, density, and timeout value.
Please help me with example configuration by considering my point.
Thanks,
ARIF
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
I need to bother about crazy client by considering “Flood” detection technique. I can do it by using OpenSER Pike module which helps to keep trace of all (or selected ones) incoming request's IP source and blocks the ones that exceeded some limit.
In my case: If the number of SIP messages from a single IP address to my SIP Proxy exceeds 100 per minute. Recommended action: Block IP for 12 hours.
I tried with the pike module but I’m little bit confused with sampling, density, and timeout value.
Please help me with example configuration by considering my point.
Thanks,
ARIF
replied on the "Open Discussions" forum.