[VoiceOps] Mitigating or stopping TDOS attacks - any advice?

Alex Balashov abalashov at evaristesys.com
Mon May 15 11:19:00 EDT 2017


On Mon, May 15, 2017 at 03:03:31PM +0000, Matthew Yaklin wrote:

> Do you know off hand what criteria Kamailio commonly uses to dump
> excessive SIP flows?
> 
> Is it based on IP (black/whitelists)? Throttling back INVITES from the
> same source?

Kamailio is pretty low-level and programmable, so it could be any of
those things, or other SIP message / packet criteria of your choosing.

I love the flexibility of the pipelimit module:

https://kamailio.org/docs/modules/5.0.x/modules/pipelimit.html

You can use any criteria you like to match the pipe names, and use
arbitrary thresholds that can be pulled from anywhere. 

-- Alex

-- 
Alex Balashov | Principal | Evariste Systems LLC

Tel: +1-706-510-6800 / +1-800-250-5920 (toll-free) 
Web: http://www.evaristesys.com/, http://www.csrpswitch.com/


More information about the VoiceOps mailing list