[asterisk-dev] Rate limiting traffic to address potential DoS
issues?
J. Oquendo
sil at infiltrated.net
Sat Oct 7 08:42:40 MST 2006
Rich Adamson wrote:
>
> Would it be a large load on the system to "count the number of
> improper/bogus signaling packets received in a given time frame" by
> souce IP address, and then dropping (without response) any signaling.
> Notice I inserted "by source IP address" into your statement. Its not
> a lot different then what some firewalls do.
>
Problem with this would be the following:
Attacker(spoofingValidUserIP_Space) --> Attack --> Server
ValidUser --> Register --> Server
Server --> No way --> ValidUser
For the duration of 60 seconds. If the attack is automated, your valid
users will continuously be blocked. If the attack is set to spit out
ranDumb extensions, whatever valid extensions on the server... Will
continuously be blocked.
--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government.
John Adams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5157 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.digium.com/pipermail/asterisk-dev/attachments/20061007/ab90b630/smime-0001.bin
More information about the asterisk-dev
mailing list