[VoiceOps] Mitigating or stopping TDOS attacks - any advice?
Alex Balashov
abalashov at evaristesys.com
Mon May 15 11:19:00 EDT 2017
On Mon, May 15, 2017 at 03:03:31PM +0000, Matthew Yaklin wrote:
> Do you know off hand what criteria Kamailio commonly uses to dump
> excessive SIP flows?
>
> Is it based on IP (black/whitelists)? Throttling back INVITES from the
> same source?
Kamailio is pretty low-level and programmable, so it could be any of
those things, or other SIP message / packet criteria of your choosing.
I love the flexibility of the pipelimit module:
https://kamailio.org/docs/modules/5.0.x/modules/pipelimit.html
You can use any criteria you like to match the pipe names, and use
arbitrary thresholds that can be pulled from anywhere.
-- Alex
--
Alex Balashov | Principal | Evariste Systems LLC
Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free)
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/
More information about the VoiceOps
mailing list