[asterisk-dev] Client Puzzle Protocol in SIP
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Sun Feb 17 01:40:10 CST 2008
On Sat, Feb 16, 2008 at 11:37:46PM -0500, Fadil Sutomo wrote:
> Hi All,
>
> I am interested in developing a client-puzzle mechanism in SIP protocol so
> that any client wants to send an INVITE message to asterisk should solve a
> cryptographic puzzle first. So, anyone of you can give me pointers regarding
> this?
>
> I am thinking about using openSSL api for the crypto in this mechanism, and
> I am not planning to support the clients. I just want to implement this
> mechanism in Asterisk and test it in mitigating DoS attacks..
But what if the client just sends a host of junk requests? This does not
take any calculation. How can Asterisk know a request is junk with doing
very little calculation?
If we can relate several junk requests to the same IP or so: then we can
can throttle requests by IP or whatever. But Asterisk already supports
this, I believe.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-dev
mailing list