<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><tt>Nice! I noticed your blog post as well :)</tt><br>
</p>
<pre class="moz-signature" cols="72">Liviu Chircu
OpenSIPS Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
<div class="moz-cite-prefix">On 24.05.2018 07:56, Alexey K. via
Users wrote:<br>
</div>
<blockquote type="cite"
cite="mid:1527137770.48724964@f396.i.mail.ru">
<pre wrap="">Done.
1. ipset create SIPFLOOD hash:ip timeout 120 comment
2. iptables -A INPUT -m set --match-set SIPFLOOD src -j DROP
3. add to /etc/sudoers:
opensips ALL= NOPASSWD: /sbin/ipset
4. OpenSIPS config (OPTIONS processing for test environment):
#### exec
loadmodule "exec.so"
#### antiflood module
loadmodule "pike.so"
modparam("pike", "sampling_time_unit", 2)
modparam("pike", "reqs_density_per_unit", 10)
modparam("pike", "remove_latency", 120)
...
if(is_method("OPTIONS")) {
    pike_check_req();
    switch($retcode) {
        case -2: # detected once - simply drop the request
            exit;
        case -1: # detected again - ban the IP and drop request
            exec("/usr/bin/sudo ipset -exist add SIPFLOOD $si");
            exit;
    }
    sl_send_reply("200", "OK");
    exit;
}
5. Test with sipp. Generate 70 requests (-r) in 2 seconds (-rp 2000) and exit sipp after sending 70 requests (-m):
sipp 172.16.0.222 -r 70 -rp 2000 -m 70 -sf OPTIONS.xml
OPTIONS.xml contents:
<?xml version="1.0" encoding="us-ascii"?>
<scenario name="Options">
<send>
<![CDATA[
OPTIONS sip:[service]@[remote_ip] SIP/2.0
Via: SIP/2.0/[transport] [local_ip]:[local_port];branch=[branch]
Max-Forwards: 70
To: <sip:[service]@[remote_ip]>
From: sipp <sip:sipp@[local_ip]:[local_port]>;tag=[call_number]
Call-ID: [call_id]
CSeq: 1 OPTIONS
Contact: <sip:sipp@[local_ip]:[local_port]>
Accept: application/sdp
Content-Length: 0
]]>
</send>
</scenario>
6. Profit :)
</pre>
</blockquote>
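<p>Added example, not part of either message in this thread: a narrow wrapper that the sudoers entry from step 3 could name instead of /sbin/ipset, so the opensips user can only add a validated IPv4 address to the SIPFLOOD set. The script name and path (/usr/local/sbin/sipflood-ban) and the IPSET_BIN override are assumptions made for illustration.</p>
<pre>
```shell
#!/bin/sh
# sipflood-ban: hypothetical wrapper (name and path are assumptions).
# Sudoers would then name only this script, for example:
#   opensips ALL= NOPASSWD: /usr/local/sbin/sipflood-ban
# and the route would call:
#   exec("/usr/bin/sudo /usr/local/sbin/sipflood-ban $si");

SET_NAME="SIPFLOOD"                     # set created in step 1
IPSET_BIN="${IPSET_BIN:-/sbin/ipset}"   # path from step 3; override only for testing

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
# The set from step 1 is a plain hash:ip, which defaults to IPv4 (family inet).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1          # safe to split unquoted: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Add one validated address to the set; every other argument is refused,
# so the caller cannot reach other ipset subcommands through sudo.
ban_ip() {
    if ! is_ipv4 "$1"; then
        echo "sipflood-ban: refusing argument that is not an IPv4 address"
        return 2
    fi
    "$IPSET_BIN" -exist add "$SET_NAME" "$1"
}

# Act only when called with an argument, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    ban_ip "$1"
fi
```
</pre>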
<br>
</body>
</html>