[asterisk-dev] Client Puzzle Protocol in SIP

Tzafrir Cohen tzafrir.cohen at xorcom.com
Sun Feb 17 01:40:10 CST 2008


On Sat, Feb 16, 2008 at 11:37:46PM -0500, Fadil Sutomo wrote:
> Hi All,
> 
> I am interested in developing a client-puzzle mechanism in SIP protocol so
> that any client wants to send an INVITE message to asterisk should solve a
> cryptographic puzzle first. So, anyone of you can give me pointers regarding
> this?
> 
> I am thinking about using openSSL api for the crypto in this mechanism, and
> I am not planning to support the clients. I just want to implement this
> mechanism in Asterisk and test it in mitigating DoS attacks..

But what if the client just sends a host of junk requests? This does not
take any calculation. How can Asterisk know a request is junk with doing 
very little calculation?

If we can relate several junk requests to the same IP or so: then we can
can throttle requests by IP or whatever. But Asterisk already supports
this, I believe.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir



More information about the asterisk-dev mailing list