<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><tt>Hmmm... indeed, the "sequential calls" only reset if you dial
a different number.</tt></p>
<p><tt>If the other stats reset at midnight/interval change, I don't
see why this specific one should be different. To me, it looks
like a bug. Do you agree?</tt><br>
</p>
<pre class="moz-signature" cols="72">Liviu Chircu
OpenSIPS Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 03.04.2018 16:49, Denis via Users
wrote:<br>
</div>
<blockquote type="cite" cite="mid:1940771522763382@web15g.yandex.ru">
<div>Hello Liviu!</div>
<div> </div>
<div>I am sorry, i totally missed one important thing - serial
forking)))</div>
<div>I.e. i had 52 records in accounting, but several of them
leads to one call.</div>
<div>As a result i had exactly 29 calls before fraud module became
block subsequent calls.</div>
<div> </div>
<div>About counters reset i understood. Thank you.</div>
<div> </div>
<div>The last question about "sequential_calls". This counter does
not reset? Even in manual mode?</div>
<div> </div>
<div>Thank you.</div>
<div> </div>
<div>-- </div>
<div>С уважением, Денис.</div>
<div>Best regards, Denis</div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<div>03.04.2018, 15:30, "Liviu Chircu" <a class="moz-txt-link-rfc2396E" href="mailto:liviu@opensips.org"><liviu@opensips.org></a>:</div>
<blockquote type="cite">
<div bgcolor="#FFFFFF">
<p>Hi Denis,</p>
<p>Regarding the "52 calls" vs. 25/30 limits, are you sure all
52 calls were made by the same user? Keep in mind that all
fraud_detection module stats are per-user counters, and not
global counters. If they really were all made by the same
user, please let me know and I will double-check my tests.</p>
<p>The "cpm", "total_calls" and "concurrent_calls" reset
either on an interval change or at midnight (new day ahead).
This leads to a possible undetected abuse of up to 2x your
provisioned "cpm", "total_calls" or "concurrent_calls", if
the malicious user places "limit - 1" events before the
reset, followed by another "limit - 1" events past the
reset. If this is too much for you, then your provisioned
limits (thresholds) are incorrect, and you should simply cut
them in half.</p>
<p>Best regards,</p>
<pre>Liviu Chircu
OpenSIPS Developer
<a href="http://www.opensips-solutions.com/" moz-do-not-send="true">http://www.opensips-solutions.com</a></pre>
<div>On 22.03.2018 09:59, Denis via Users wrote:</div>
<blockquote type="cite"
cite="mid:181311521705588@web5g.yandex.ru">
<div>Hello!</div>
<div> </div>
<div>Is there any idea about the problem?</div>
<div> </div>
<div>Thank you.</div>
<div> </div>
<div>-- </div>
<div>С уважением, Денис.</div>
<div>Best regards, Denis</div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<div> </div>
<div>16.03.2018, 15:22, "Denis via Users" <a
href="mailto:users@lists.opensips.org"
moz-do-not-send="true"><users@lists.opensips.org></a>:</div>
<blockquote type="cite">
<div>Hello!</div>
<div> </div>
<div>I am sorry that it was early, but anyway.</div>
<div> </div>
<div>Server:: OpenSIPS (2.2.5 (x86_64/linux))</div>
<div> </div>
<div>Fraud_module has been activated.</div>
<div> </div>
<div>Profile data</div>
<div> </div>
<div><img src="cid:part3.C7A32D82.2A1B81AC@opensips.org"
class=""></div>
<div> </div>
<div>17.02.18 20:55 Opensips received first fraud call.</div>
<div>And before Opensips detected fraud there were 52 yet
calls to 810 prefix.</div>
<div> </div>
<div>First question is why it didn`t detected fraud early
(dialing with total_calls, for example)?</div>
<div> </div>
<div>Then.</div>
<div> </div>
<div>Till the end of 17.02 Opensips blocked the calls from
client to 810, but in 18.02 i can see success fraud
calls to 810 from the client again.</div>
<div> </div>
<div>Second question is why? Opensips resets count every
new day?</div>
<div> </div>
<div>Thank you.</div>
<div> </div>
<div>-- </div>
<div>С уважением, Денис.</div>
<div>Best regards, Denis</div>
<div> </div>
<div> </div>
<div> </div>
,
<p>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org"
moz-do-not-send="true">Users@lists.opensips.org</a><br>
<a
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></p>
</blockquote>
<pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" moz-do-not-send="true">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
</div>
,
<p>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org"
moz-do-not-send="true">Users@lists.opensips.org</a><br>
<a
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a></p>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>