El mié., 14 de ago. de 2019 a la(s) 04:55, Daniel Tryba (d.tryba@pocos.nl) escribió:

On Tue, Aug 13, 2019 at 03:57:36PM -0430, PICCORO McKAY Lenz wrote:
> # this it's my setup for pike due the dinamyc ip and devices over the internet:
> modparam("pike", "sampling_time_unit", 4)
> modparam("pike", "reqs_density_per_unit", 80)
> modparam("pike", "remove_latency", 60)

With above settings a client will be banned if it sends more than 80
messages per 4s. And ipaddresses will be tracked by pike for at max 60s
after the last request.

Thanks a lot, the language barrier confused all, you confirmed to me..
that the pike only are a tool to property ban with htable.. thanks o lot

But now have a doub, please guide me with that:

Wheter the config id good depends on the behavior of your clients. A
simple SIP phone will only send a couple of messages per second. A
multitenant machine can send many depending on the number of channels
and trunks configured (and the way it may REGISTER, e.g. asterisk tries
to REGISTER all trunks at the same time (sequentially))

you said: " A simple SIP phone will only send a couple of messages per second"

so if i have that special case with dinamyc ip in clients.. who could be better to not confuse those clients with intents of attacks?

oh, also i put for scanners that:

if($ua =~ "friendly-scanner") {
xlog("L_ALERT", "friendly scanning incoming $rm IP:$si:$sp - R:$ruri - F:$fu - T:$tu - UA:$ua - $rm\n");
$sht(ipban=>$si) = 1;
drop();
}

so i ban the ip where the friendly scanner are made for a while, it's that correct?

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users