[SR-Users] Mitigating DDOS attacks from carrier based on ani or dnis by limitating cps or blocking when detecting

anfecora anfecora at gmail.com
Thu Sep 8 06:12:59 CEST 2016

Hi is there any way to use pike and htable to mitigate ddos or  flood
attack from trusted trunks.

I need help to build it the same way kamailio control registrations.

Case a carrier trunk star calling several users from the system to more
than 50 CPS(calls per second), it will affect the system but cannot block
the trunk since it is pstn traffic coming from a sip provider, therefore we
need to find a way to identify this traffic based on ANI or DNIS or any
other header and then blocked for a time just like pike does with
registrations, then start the cycle all over.

in less words make kamailio be aware of  invite request rate, then verify
that is from the same source means ani or dnis then tagged as bad traffic
them star dropping it for a specified time, while normal traffic still
flowing unaffected.

any recommendations will be highly appreciated.

thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20160907/aea93aca/attachment.html>

More information about the sr-users mailing list