[asterisk-dev] GSoC: Implementing Networking Security Framework for DOS attacks

Smita vsmita1 at gmail.com
Tue Mar 24 11:25:50 CDT 2009


Hello,

I wanted to know if this idea is viable. Any help in refining the idea
in the current context is highly appreciated!

Store DoS-related information within specific nodes. This could include
IPs or networks that are blacklisted, etc. When processing an incoming
packet, the origin IP is compared to the data stored. If a match is
found for the IP or the source network, the packet is discarded.

Alternatively, these information nodes could contain Packets Per
Second information for that IP/network. Any packet from this source
that exceeds this count is dropped.

Another variation could be the above concept being applied to the session
layer (SIP packets) rather than the IP layer.

What I refer to as nodes here could be a data structure (e.g. like Judy Nodes).

References: http://astridevcon.pbwiki.com/Network-Security-Framework

Please comment.

Thanks,
Smita
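
The blacklist and packets-per-second checks proposed in the message above, as an added C example that is not part of the original post or of Asterisk's code. The names (`dos_node`, `dos_check`, `sample_tbl`), the fixed one-second window and the linear scan standing in for Judy-style nodes are assumptions.

```c
/* Added example (hypothetical names): source-address node table with a
 * blacklist flag and a fixed one-second packets-per-second window. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

struct dos_node {
    uint32_t net, mask;   /* network and contiguous netmask, host byte order */
    int blacklisted;      /* non-zero: drop everything from this source */
    uint32_t pps_limit;   /* packets allowed per second; 0 = unlimited */
    uint32_t window;      /* second the counter below belongs to */
    uint32_t count;       /* packets accepted in that second */
};

enum verdict { PKT_ACCEPT, PKT_DROP_BLACKLIST, PKT_DROP_RATE };

/* Constructed sample table using documentation address ranges. */
static struct dos_node sample_tbl[] = {
    { IP(192, 0, 2, 0),    0xFFFFFF00u, 1, 0, 0, 0 },  /* blacklisted /24 */
    { IP(198, 51, 100, 0), 0xFFFFFF00u, 0, 5, 0, 0 },  /* /24 shares 5 pps */
    { IP(198, 51, 100, 7), 0xFFFFFFFFu, 0, 2, 0, 0 },  /* one host: 2 pps */
};
#define SAMPLE_N (sizeof sample_tbl / sizeof sample_tbl[0])

/* Decide the fate of one packet from src arriving at second now_sec. */
enum verdict dos_check(struct dos_node *tbl, size_t n, uint32_t src, uint32_t now_sec)
{
    struct dos_node *node = NULL;
    for (size_t i = 0; i < n; i++)   /* longest-prefix match, linear scan */
        if ((src & tbl[i].mask) == tbl[i].net && (!node || tbl[i].mask > node->mask))
            node = &tbl[i];
    if (!node) return PKT_ACCEPT;               /* unknown source */
    if (node->blacklisted) return PKT_DROP_BLACKLIST;
    if (node->pps_limit == 0) return PKT_ACCEPT;
    if (node->window != now_sec) {              /* new second: reset counter */
        node->window = now_sec;
        node->count = 0;
    }
    if (node->count >= node->pps_limit) return PKT_DROP_RATE;
    node->count++;
    return PKT_ACCEPT;
}

int main(void)
{
    for (int i = 0; i < 4; i++)   /* third and fourth packet exceed 2 pps */
        printf("%d\n", dos_check(sample_tbl, SAMPLE_N, IP(198, 51, 100, 7), 1000));
    return 0;
}
```

A network node keeps one counter for every address inside it, so a single noisy host can exhaust the budget of its whole /24 unless it has a more specific node of its own.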


