[Kamailio-Users] htable dictionary attack example

Elena-Ramona Modroiu ramona at asipto.com
Thu Jan 22 12:32:30 CET 2009


Klaus Darilion wrote:
> Elena-Ramona Modroiu schrieb:
>   
>> Hi,
>>
>> Juha Heinanen wrote:
>>     
>>> htable module README has a dictionary attack limitation example.  i'm
>>> afraid to "try it at home", because it seems to me that it in turn opens
>>> up a dos attack possibility: exhausting proxy shared memory by
>>> generating requests with random $au values.  
>>>
>>> in order to avoid that, the script should include check if $au exists
>>> before adding it to dictionary. on am i missing something?
>>>   
>>>       
>> yes, it should be done when return code of www_authorize is -2 (wrong 
>> password):
>> http://kamailio.org/docs/modules/devel/auth_db.html#id2467588
>>     
>
> Hi Ramona!
>
> Could you please improve the example snippet in htable README? thanks
>   
Hi Klaus,

yes, I have just committed an update.

Regards,
Ramona




More information about the Users mailing list