THanks Alex,
do you think i can do something like where i check $FU reaching the rate
limit then blocket somehow for a few minutes.
thank you, I apreciate your help.
# perform pipe match for INVITE
if (is_method("INVITE")) {
$var(invlimit) = 10;
if (!pl_check("$fU", "TAILDROP",
"$var(invlimit)")) {
pl_drop();
exit;
}
}
On Wed, Sep 7, 2016 at 9:23 PM, Alex Balashov <abalashov(a)evaristesys.com>
wrote:
May I humbly suggest the very flexible pipelimit
module?
On 09/08/2016 12:12 AM, anfecora wrote:
Hi is there any way to use pike and htable to mitigate ddos or flood
attack from trusted trunks.
I need help to build it the same way kamailio control registrations.
Case a carrier trunk star calling several users from the system to more
than 50 CPS(calls per second), it will affect the system but cannot
block the trunk since it is pstn traffic coming from a sip provider,
therefore we need to find a way to identify this traffic based on ANI or
DNIS or any other header and then blocked for a time just like pike does
with registrations, then start the cycle all over.
in less words make kamailio be aware of invite request rate, then
verify that is from the same source means ani or dnis then tagged as bad
traffic them star dropping it for a specified time, while normal traffic
still flowing unaffected.
any recommendations will be highly appreciated.
thank you
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 (direct) / +1-800-250-5920 (toll-free)
Web:
http://www.evaristesys.com/,
http://www.csrpswitch.com/
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users