[SR-Users] Mitigating DDOS attacks from carrier based on ani or dnis by limitating cps or blocking when detecting

Alex Balashov abalashov at evaristesys.com
Thu Sep 8 06:23:12 CEST 2016


May I humbly suggest the very flexible pipelimit module?

On 09/08/2016 12:12 AM, anfecora wrote:

> Hi is there any way to use pike and htable to mitigate ddos or  flood
> attack from trusted trunks.
>
> I need help to build it the same way kamailio control registrations.
>
> Case a carrier trunk star calling several users from the system to more
> than 50 CPS(calls per second), it will affect the system but cannot
> block the trunk since it is pstn traffic coming from a sip provider,
> therefore we need to find a way to identify this traffic based on ANI or
> DNIS or any other header and then blocked for a time just like pike does
> with registrations, then start the cycle all over.
>
> in less words make kamailio be aware of  invite request rate, then
> verify that is from the same source means ani or dnis then tagged as bad
> traffic them star dropping it for a specified time, while normal traffic
> still flowing unaffected.
>
> any recommendations will be highly appreciated.
>
> thank you
>
>
> _______________________________________________
> SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
> sr-users at lists.sip-router.org
> http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
>


-- 
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 (direct) / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/



More information about the sr-users mailing list