[OpenSIPS-Users] Fwd: Re: How to protect OpenSIPS from undesidered requests (DoS attack?)
Hubert Mickael
mickael at winlux.fr
Wed Mar 6 20:48:10 CET 2013
Hi,
Pike module to stop flood ?
I have add perl script at pike to add firewall rule in my freebsd.
Example opensips conf:
#------------------- module pike ---------------
loadmodule "pike.so"
#----------- pike params ------------
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 80)
modparam("pike", "remove_latency", 130)
modparam("pike", "pike_log_level", -1)
in script:
/ if(!pike_check_req())//
// {//
// if(perl_exec("pikesendmail"))//
// {//
// xlog("L_INFO","Fonction perl_exec PIKE OK");//
// }//
// xlog("L_WARN","PIKE_CHECK_REQ banned IP $si because of
flooding requests");//
// exit;//
// }/
perl script:
sub pikesendmail
{
MIME::Lite->send('smtp', 'smtp.....');
my $serverIP = OpenSIPS::AVP::get("serverIP");
my $sourceIP = OpenSIPS::AVP::get("sourceIP");
my @exceptions = (@my IP);
my $logfile = "/var/log/pikemodule.log";
my $date = localtime();
open LOGFILE, ">>$logfile" or die "cannot open logfile $logfile
for append: $!";
my $subject = "IP $sourceIP blocked by server $serverIP";
my @body ;
my @argsbash ;
my @listeIP ;
my $maxid ;
my $newid ;
my $reglepresente = 0 ;
my $inhib = 0 ;
my $i=0;
for $i (@exceptions)
{
if($sourceIP eq $i)
{
$inhib = 1 ;
last ;
}
}
foreach(`ipfw list | grep ^005 | awk -F" " {'print \$5'}`)
{
push (@listeIP,$_) ;
}
for(@listeIP){
print "$_";
if($_ =~ $sourceIP){
#print "regle deja presente\n";
$reglepresente = 1 ;
}
}
if($reglepresente == 0 && $inhib == 0){
$maxid=`ipfw list | grep ^005 | tail -n1 | awk -F" "
{'print \$1'} | sed "s/^00//"`;
if ($maxid eq ''){
$newid = 500 ;
}else{
$newid = $maxid+1 ;
}
@argsbash = ("ipfw", "add $newid deny ip from $sourceIP
to me");
if(system(@argsbash) == 0
or die "system @argsbash failed: $?"){
print LOGFILE "$date INFO : Nouveau blocage
pour SIP flooding \n";
print LOGFILE "$date INFO : Regle IPFW
appliquee ID $newid \n";
log(L_INFO, "SIP Flooding, IP $sourceIP blocked
with IPFW rule $newid\n");
}
open(EMAILB,"/usr/local/libexec/templ_email.tpl") || die ("Erreur
d'ouverture de EMAILB") ;
while (<EMAILB>) {
$_ =~ s/PARA1/$sourceIP/g;
$_ =~ s/PARA2/$serverIP/g;
$_ =~ s/PARA3/$newid/g;
push (@body,$_);
}
close(EMAILB);
# Création d'un objet MIME::Lite avec les en-têtes du
message
my $message = MIME::Lite->new(
From => 'OpenSIPS <noreply at hexanet.fr>',
To => '',
Subject => "$subject",
"X-Mailer" => 'OpenSIPS',
Type => 'text/html',
Data => "@body",
);
if($message->send()){
print LOGFILE "$date INFO : Mail envoye pour
blocage IP $sourceIP\n";
log(L_INFO, "SIP Flooding, mail has been sent\n");
}
close LOGFILE ;
}
return 1;
}
bye
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20130306/28370980/attachment-0001.htm>
More information about the Users
mailing list