[SR-Users] pike parameters doup when have dinamyc ip clients and scanners

PICCORO McKAY Lenz mckaygerhard at gmail.com
Wed Aug 14 14:47:02 CEST 2019 

El mié., 14 de ago. de 2019 a la(s) 04:55, Daniel Tryba (d.tryba at pocos.nl)
escribió:

> On Tue, Aug 13, 2019 at 03:57:36PM -0430, PICCORO McKAY Lenz wrote:
> > # this it's my setup for pike due the dinamyc ip and devices over the
> internet:
> > modparam("pike", "sampling_time_unit", 4)
> > modparam("pike", "reqs_density_per_unit", 80)
> > modparam("pike", "remove_latency", 60)
>


> With above settings a client will be banned if it sends more than 80
> messages per 4s. And ipaddresses will be tracked by pike for at max 60s
> after the last request.
>
Thanks a lot, the language barrier confused all, you confirmed to me..
that the pike only are a tool to property ban with htable.. thanks o lot

But now have a doub, please guide me with that:

Wheter the config id good depends on the behavior of your clients. A
> simple SIP phone will only send a couple of messages per second. A
> multitenant machine can send many depending on the number of channels
> and trunks configured (and the way it may REGISTER, e.g. asterisk tries
> to REGISTER all trunks at the same time (sequentially))
>

you said: " A simple SIP phone will only send a couple of messages per
second"

so if i have that special case with dinamyc ip in clients.. who could be
better to not confuse those clients with intents of attacks?

oh, also i put for scanners that:

if($ua =~ "friendly-scanner") {
   xlog("L_ALERT", "friendly scanning incoming $rm IP:$si:$sp - R:$ruri -
F:$fu - T:$tu - UA:$ua - $rm\n");
  $sht(ipban=>$si) = 1;
   drop();
}

so i ban the ip where the friendly scanner are made for a while, it's that
correct?


>
>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20190814/8463dffd/attachment.html>

More information about the sr-users mailing list