[asterisk-dev] Rate limiting traffic to address potential DoS issues?

J. Oquendo sil at infiltrated.net
Sat Oct 7 08:42:40 MST 2006


Rich Adamson wrote:
>
> Would it be a large load on the system to "count the number of 
> improper/bogus signaling packets received in a given time frame" by 
> source IP address, and then dropping (without response) any signaling. 
> Notice I inserted "by source IP address" into your statement. It's not 
> a lot different than what some firewalls do.
>
Problem with this would be the following:

Attacker(spoofingValidUserIP_Space) --> Attack --> Server
ValidUser --> Register --> Server
Server --> No way --> ValidUser

For the duration of 60 seconds. If the attack is automated, your valid 
users will continuously be blocked. If the attack is set to spit out 
ranDumb extensions, whatever valid extensions on the server... Will 
continuously be blocked.


-- 
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams
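
The lockout described above, as an added example that is not part of the original post: a per-source-IP counter of the kind proposed in the quoted text, fed bogus packets that claim a valid user's address. The window, threshold, address and all names are assumptions; the 60-second block is the duration the post mentions.

```python
from collections import defaultdict, deque

WINDOW = 10.0      # seconds over which bogus packets are counted (assumed value)
THRESHOLD = 5      # bogus packets per window before blocking (assumed value)
BLOCK_FOR = 60.0   # block duration: the 60 seconds mentioned in the post


class PerSourceLimiter:
    """Counts bogus signaling packets per claimed source IP, drops silently."""

    def __init__(self):
        self.bogus = defaultdict(deque)   # source IP -> bogus packet timestamps
        self.blocked_until = {}           # source IP -> time the block expires

    def accept(self, src_ip, now, valid):
        """Return True if the packet is processed, False if it is dropped."""
        if self.blocked_until.get(src_ip, 0.0) > now:
            return False                  # blocked: dropped without response
        if valid:
            return True
        q = self.bogus[src_ip]
        q.append(now)
        while q and q[0] <= now - WINDOW:
            q.popleft()                   # forget packets outside the window
        if len(q) >= THRESHOLD:
            self.blocked_until[src_ip] = now + BLOCK_FOR
            q.clear()
        return False                      # a bogus packet is never processed


def simulate(duration=300, attack_rate=1, register_every=30):
    """Constructed scenario: bogus packets carry the valid user's IP as source.

    The limiter sees only the claimed source address, so it cannot tell the
    spoofed packets from the user's own traffic. Returns (accepted, attempted)
    for the valid user's REGISTER attempts.
    """
    user_ip = "192.0.2.10"                # documentation address, constructed
    limiter = PerSourceLimiter()
    accepted = attempted = 0
    for t in range(duration):
        for _ in range(attack_rate):      # bogus packets per second
            limiter.accept(user_ip, float(t), valid=False)
        if t > 0 and t % register_every == 0:
            attempted += 1
            accepted += limiter.accept(user_ip, t + 0.5, valid=True)
    return accepted, attempted
```

With the defaults every REGISTER from the valid user is dropped, because each 60-second block is renewed a few seconds after it expires; with attack_rate=0 all of them are accepted.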
