[asterisk-dev] Rate limiting traffic to address potential DoS
issues?
Andrew Kohlsmith
akohlsmith-asterisk at benshaw.com
Tue Sep 26 16:01:23 MST 2006
On Tuesday 26 September 2006 18:04, Kristian Kielhofner wrote:
> if (!allow_trusted) && (!pike_check_req()) {
> sl_send_reply(403, "You are DOSing me\n");
> exit;
> };
I think this is an excellent suggestion, and hits the middle ground Steven was
talking about. Of course, the reply should be optional, and perhaps
level-based as well... If we're hitting "hmm I'm starting to sweat a little"
levels, send the message back, but if we're in "holy shit dude what the fuck
was THAT?!" levels we just drop it outright. That way the admin who's not
sure where the limits are at least sees SOME kind of message before Asterisk
dies outright, and avoids a lot of "Why is Asterisk accepting every 5th
call?" type of questions.
Of course, these checks add more overhead and lower the absolute keel-over
limit, but IMO they're well worth it.
-A.
More information about the asterisk-dev
mailing list