[OpenSER-Users] Questions about pike module
Iñaki Baz Castillo
ibc at in.ilimit.es
Thu Oct 11 10:33:01 CEST 2007
Hi, yesterday I tryed pike module:
------------------------------------------------------------------------------------------------------------
modparam("pike", "sampling_time_unit", 10)
modparam("pike", "reqs_density_per_unit", 30)
modparam("pike", "remove_latency", 130)
route{
### pike
if (!pike_check_req()) {
xlog("pike module has detected IP abuse. Terminating message.\n");
exit;
};
# Sanity Check Section
...
...
}
------------------------------------------------------------------------------------------------------------
I runned sipp and generate lot of messages from my laptop to my OpenSer
server. After a while "pike_check_req()" returns FALSE and the message is
terminated. Ok.
But if during the sipp attack I do a call from my laptop softphone (same
public IP then) most of the times the call is accepted, even if I see the
xlog message (because sipp atack) and my IP is listed when doing:
~# openserctl fifo pike_list
How is possible?
And other question: what is exactly "remove_latency" parameter for? I read:
"For how long the IP address will be kept in memory after the last request
from that IP address. It's a sort of timeout value."
- Is it seconds or miliseconds?
- Does it mean the time that listed IP's will be "banned" (I mean the IP's
appearing in "openserctl fifo pike_list")?
I think is not this because I put:
modparam("pike", "remove_latency", 9999999999999)
and the IP dissapears of listed IP's after a few seconds (10 - 20).
Thanks for any explanation. Regards.
--
Iñaki Baz Castillo
ibc at in.ilimit.es
More information about the sr-users
mailing list