[OpenSIPS-Users] Register attack!
Saúl Ibarra Corretgé
saul at ag-projects.com
Wed Nov 10 14:34:25 CET 2010
Hi Flavio,
On 11/03/2010 06:23 PM, Flavio Goncalves wrote:
> Hi Saul,
>
> I did like your solution. My only concern about Pike was to block
> legitimate traffic. A SIP dialer can easily get to the pike threshold,
> but doing pike_check_req() just for register, options and bye requests
> seems to avoid this.
>
> The only "but" is, the attack can also be done using INVITE and using
> Pike with INVITE can make you drop legitimate traffic, my initial
> concern. I think, that detecting authentication requests with wrong
> passwords or inexistent users is still the most generic solution. Just
> an opinion.
>
Of course, pike is not a solution alone. I've also seen pik ekick in if
you have too many MESSAGEs stored on msilo for example. Different
techniques need to be used in order to cover most of the cases, as you
pointed out.
Regards,
--
Saúl Ibarra Corretgé
AG Projects
More information about the Users
mailing list