<div dir="ltr">maybe a log file, and deny ip is faster<div style>but if you want it per user, it's slower, since you must check if user is ok in a database<br>using ip, you only need to log and a external program (ex fail2ban) can block it via iptables, hosts.deny or other method</div>
<div style><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/3/6 Muhammad Shahzad <span dir="ltr"><<a href="mailto:shaheryarkh@gmail.com" target="_blank">shaheryarkh@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>While this will work for small setups but i have feeling that this won't be suitable for high load productive systems, since it does same thing as fail2ban but runs INLINE, blocking other sip requests till it is finished.</div>
<br><div>Thank you.<br><br><br><div class="gmail_quote"><div><div class="h5">On Wed, Mar 6, 2013 at 8:48 PM, Hubert Mickael <span dir="ltr"><<a href="mailto:mickael@winlux.fr" target="_blank">mickael@winlux.fr</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<div><div>
<div bgcolor="#FFFFFF" text="#000000">
Hi,<br>
<div>
<div> Pike module to stop flood ?<br>
I have add perl script at pike to add firewall rule in my
freebsd.<br>
<br>
Example opensips conf:<br>
<br>
#------------------- module pike ---------------<br>
loadmodule "pike.so"<br>
#----------- pike params ------------<br>
modparam("pike", "sampling_time_unit", 2)<br>
modparam("pike", "reqs_density_per_unit", 80)<br>
modparam("pike", "remove_latency", 130)<br>
modparam("pike", "pike_log_level", -1)<br>
<br>
in script:<br>
<br>
<i> if(!pike_check_req())</i><i><br>
</i><i> {</i><i><br>
</i><i> if(perl_exec("pikesendmail"))</i><i><br>
</i><i> {</i><i><br>
</i><i> xlog("L_INFO","Fonction perl_exec
PIKE OK");</i><i><br>
</i><i> }</i><i><br>
</i><i> xlog("L_WARN","PIKE_CHECK_REQ banned IP
$si because of flooding requests");</i><i><br>
</i><i> exit;</i><i><br>
</i><i> }</i><br>
<br>
perl script:<br>
<br>
<br>
sub pikesendmail<br>
{<br>
MIME::Lite->send('smtp', 'smtp.....');<br>
<br>
my $serverIP = OpenSIPS::AVP::get("serverIP");<br>
my $sourceIP = OpenSIPS::AVP::get("sourceIP");<br>
<br>
my @exceptions = (@my IP);<br>
<br>
my $logfile = "/var/log/pikemodule.log";<br>
my $date = localtime();<br>
open LOGFILE, ">>$logfile" or die "cannot open
logfile $logfile for append: $!";<br>
<br>
my $subject = "IP $sourceIP blocked by server
$serverIP";<br>
my @body ;<br>
my @argsbash ;<br>
my @listeIP ;<br>
my $maxid ;<br>
my $newid ;<br>
my $reglepresente = 0 ;<br>
my $inhib = 0 ;<br>
my $i=0;<br>
<br>
for $i (@exceptions)<br>
{<br>
if($sourceIP eq $i)<br>
{<br>
$inhib = 1 ;<br>
last ;<br>
}<br>
}<br>
<br>
foreach(`ipfw list | grep ^005 | awk -F" " {'print
\$5'}`)<br>
{<br>
push (@listeIP,$_) ;<br>
}<br>
<br>
for(@listeIP){<br>
print "$_";<br>
if($_ =~ $sourceIP){<br>
#print "regle deja presente\n";<br>
$reglepresente = 1 ;<br>
}<br>
}<br>
<br>
if($reglepresente == 0 && $inhib == 0){<br>
<br>
$maxid=`ipfw list | grep ^005 | tail -n1 | awk
-F" " {'print \$1'} | sed "s/^00//"`;<br>
if ($maxid eq ''){<br>
$newid = 500 ;<br>
}else{<br>
$newid = $maxid+1 ;<br>
}<br>
<br>
<br>
@argsbash = ("ipfw", "add $newid deny ip from
$sourceIP to me");<br>
if(system(@argsbash) == 0<br>
or die "system @argsbash failed: $?"){<br>
print LOGFILE "$date INFO : Nouveau
blocage pour SIP flooding \n";<br>
print LOGFILE "$date INFO : Regle IPFW
appliquee ID $newid \n";<br>
log(L_INFO, "SIP Flooding, IP $sourceIP
blocked with IPFW rule $newid\n");<br>
}<br>
<br>
open(EMAILB,"/usr/local/libexec/templ_email.tpl") || die
("Erreur d'ouverture de EMAILB") ;<br>
while (<EMAILB>) {<br>
$_ =~ s/PARA1/$sourceIP/g;<br>
$_ =~ s/PARA2/$serverIP/g;<br>
$_ =~ s/PARA3/$newid/g;<br>
push (@body,$_);<br>
}<br>
<br>
close(EMAILB);<br>
<br>
# Création d'un objet MIME::Lite avec les
en-têtes du message<br>
my $message = MIME::Lite->new(<br>
From => 'OpenSIPS <a href="mailto:noreply@hexanet.fr" target="_blank"><noreply@hexanet.fr></a>',<br>
To => '',<br>
Subject => "$subject",<br>
"X-Mailer" => 'OpenSIPS',<br>
Type => 'text/html',<br>
Data => "@body",<br>
);<br>
<br>
if($message->send()){<br>
print LOGFILE "$date INFO : Mail envoye
pour blocage IP $sourceIP\n";<br>
log(L_INFO, "SIP Flooding, mail has been
sent\n");<br>
}<br>
<br>
close LOGFILE ;<br>
}<br>
<br>
return 1;<br>
}<br>
<br>
bye<br>
</div>
</div>
</div>
</div></div><br></div></div><div class="im">_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></div></blockquote></div><div class="im"><br><br clear="all"><div><br></div>-- <br><span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">Muhammad Shahzad</span><br style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">
<span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">------------------------------</span><span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">-----</span><br style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">
<span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">CISCO Rich Media Communication Specialist (CRMCS)</span><br style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">
<span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">CISCO Certified Network Associate (CCNA)</span><br style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">
<span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">Cell: <a href="tel:%2B49%20176%2099%2083%2010%2085" value="+4917699831085" target="_blank">+49 176 99 83 10 85</a></span><br style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">
<span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">MSN: </span><a href="mailto:shari_786pk@hotmail.com" style="color:rgb(17,85,204);font-size:13px;font-family:arial,sans-serif" target="_blank">shari_786pk@hotmail.com</a><br style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">
<span style="color:rgb(136,136,136);font-size:13px;font-family:arial,sans-serif">Email: </span><a href="mailto:shaheryarkh@googlemail.com" style="color:rgb(17,85,204);font-size:13px;font-family:arial,sans-serif" target="_blank">shaheryarkh@googlemail.com</a>
</div></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Roberto Spadim<br>SPAEmpresarial</div>
</div>