[SR-Users] dictionary attacks

Daniel-Constantin Mierla miconda at gmail.com
Sun Oct 24 21:16:23 CEST 2010



On 10/24/10 8:24 PM, Alex Balashov wrote:
> On 10/24/2010 12:18 PM, Iñaki Baz Castillo wrote:
>
>> Of course, the perfect solution would be Kamailio acting as fail2ban.
>> This is, "pike" module inserting dynamic rules in iptables. Opinions?
>
> You could spawn a Perl script that does it, but it'd be kind of slow.
If you use the perl module, then the perl interpreter is embedded, 
nothing is spawned. The same is true with the app_lua module and Lua 
scripts - execution should be very fast.

If you invoke other applications via exec() (exec module), then it is spawning.

Cheers,
Daniel

>
> I think to come up with a good way to implement this, it is necessary 
> to recognise that there are many topologies other than a firewall 
> local on the Kamailio host that need to be accommodated, as well as an 
> asynchronous architecture.  Many people would not want spam requests 
> to even get to the Kamailio box to take up any resources, however 
> small (netfilter), once they have been determined to be spam.
>
> Some sort of IPC queue that can be consumed by an outside, 
> non-Kamailio process would probably be the best way to do this.
>
> Many commercial routers (such as Vyatta) are beginning to have 
> firewall control APIs via HTTP/REST with which rules can be added. 
> Adding a ban rule to the router is something that could be done with 
> utils:http_query().  Blocking could probably be fixed by deferring the 
> HTTP requests with mqueue + rtimer.
>
>

-- 
Daniel-Constantin Mierla
http://www.asipto.com
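
The deferral described in the quoted paragraph above (pike flags the source, mqueue holds the ban, an rtimer process pushes it to the router over HTTP), as a Kamailio configuration fragment. This is an added example, not part of the original message or the project's own configuration; the firewall URL, the queue, table and timer names and the pike thresholds are assumptions.

```cfg
# Added example: pike detection, mqueue hand-off, rtimer-driven HTTP push.
loadmodule "pike.so"
loadmodule "htable.so"
loadmodule "mqueue.so"
loadmodule "rtimer.so"
loadmodule "utils.so"   # http_query(), as named in the thread
loadmodule "xlog.so"

# Assumed thresholds: more than 30 requests per 2 s from one IP is a flood.
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 30)
modparam("pike", "remove_latency", 120)

# Remember queued IPs for 5 minutes so one flood yields one ban request.
modparam("htable", "htable", "banseen=>size=8;autoexpire=300;")
# Bounded queue: a flood cannot grow it without limit.
modparam("mqueue", "mqueue", "name=bans;size=1024;")
# mode=1 runs the timer in its own process, so a slow HTTP call
# never blocks a SIP worker.
modparam("rtimer", "timer", "name=banpush;interval=1;mode=1;")
modparam("rtimer", "exec", "timer=banpush;route=BAN_PUSH")

request_route {
    if (!pike_check_req()) {
        # $si is the packet's source address, not a value taken from
        # a SIP header, so it is safe to place in the URL below.
        if ($sht(banseen=>$si) == $null) {
            $sht(banseen=>$si) = 1;
            mq_add("bans", "$si", "pike");
        }
        exit;
    }
    # ... normal request handling continues here ...
}

# Runs once per second in the rtimer process and drains the queue.
route[BAN_PUSH] {
    while (mq_fetch("bans")) {
        # Hypothetical firewall API endpoint (assumption, not a real router URL).
        http_query("https://fw.example.invalid/api/ban?ip=$mqk(bans)", "$var(body)");
        $var(rc) = $rc;
        if ($var(rc) != 200) {
            xlog("L_WARN", "ban push for $mqk(bans) failed: $var(rc)\n");
        }
    }
}
```

Over UDP the source address can be spoofed, so bans created this way are best kept short-lived on the firewall, with trusted peers exempted before the pike check.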



