[asterisk-dev] Rate limiting traffic to address potential DoS issues?

Andrew Kohlsmith akohlsmith-asterisk at benshaw.com
Tue Sep 26 16:01:23 MST 2006


On Tuesday 26 September 2006 18:04, Kristian Kielhofner wrote:
> if (!allow_trusted() && !pike_check_req()) {
>    sl_send_reply("403", "You are DOSing me");
>    exit;
> };

I think this is an excellent suggestion, and hits the middle ground Steven was 
talking about.  Of course, the reply should be optional, and perhaps 
level-based as well...  If we're hitting "hmm I'm starting to sweat a little" 
levels, send the message back, but if we're in "holy shit dude what the fuck 
was THAT?!" levels we just drop it outright.  That way the admin who's not 
sure where the limits are at least sees SOME kind of message before Asterisk 
dies outright, and avoids a lot of "Why is Asterisk accepting every 5th 
call?" type of questions.

Of course, these checks add more overhead and lower the absolute keel-over 
limit, but IMO they're well worth it.

-A.
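
The two-level response suggested in this message, as an added sketch that is not part of the original post and is not Asterisk or pike code: below a soft limit a request is accepted, between the soft and hard limits it is refused with a reply, and above the hard limit it is dropped silently. All names, the per-second window and both thresholds are assumptions chosen for illustration.

```c
#include <stdint.h>

/* Hypothetical names throughout; not Asterisk or pike code. */
enum rl_action { RL_ACCEPT, RL_REJECT, RL_DROP };

struct rl_entry {
    uint32_t src;      /* source IPv4 address, host byte order */
    uint32_t window;   /* second in which the current count started */
    unsigned count;    /* requests seen from src in this window */
};

#define RL_SLOTS 256   /* table size, matches the 8-bit hash below */
#define RL_SOFT  20    /* assumed: requests/sec before replying with an error */
#define RL_HARD  100   /* assumed: requests/sec before dropping silently */

static struct rl_entry rl_table[RL_SLOTS];

/* Classify one request from src arriving at time now (whole seconds).
 * trusted mirrors the allow_trusted() bypass in the quoted config. */
enum rl_action rl_check(uint32_t src, uint32_t now, int trusted)
{
    struct rl_entry *e;

    if (trusted)
        return RL_ACCEPT;

    /* Multiplicative hash down to 8 bits. Simplification: two sources
     * sharing a slot evict each other, which resets the count. */
    e = &rl_table[(src * 2654435761u) >> 24];
    if (e->src != src || e->window != now) {
        e->src = src;
        e->window = now;
        e->count = 0;
    }
    if (e->count <= RL_HARD)   /* saturate so the counter cannot wrap */
        e->count++;

    if (e->count > RL_HARD)
        return RL_DROP;        /* overload: spend nothing on a reply */
    if (e->count > RL_SOFT)
        return RL_REJECT;      /* warning level: tell the sender why */
    return RL_ACCEPT;
}
```

The caller would map RL_REJECT to an error response such as the 403 in the quoted snippet and RL_DROP to discarding the packet without answering.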

