[Kamailio-Users] htable dictionary attack example
Elena-Ramona Modroiu
ramona at asipto.com
Wed Jan 21 18:29:26 CET 2009
Hi,
Juha Heinanen wrote:
> htable module README has a dictionary attack limitation example. i'm
> afraid to "try it at home", because it seems to me that it in turn opens
> up a dos attack possibility: exhausting proxy shared memory by
> generating requests with random $au values.
>
> in order to avoid that, the script should include check if $au exists
> before adding it to dictionary. on am i missing something?
>
yes, it should be done when return code of www_authorize is -2 (wrong
password):
http://kamailio.org/docs/modules/devel/auth_db.html#id2467588
Regards,
Ramona
More information about the sr-users
mailing list