Hi Tzafrir,<br><br>Thanks for your reply.<br> I am not planning to prevent DOS attacks completely. And I am not interested as well in programming each legitimate client connected to Asterisk.<br><br>But again, my plan is only to test a client-puzzle mechanism in Asterisk, nothing else, really. So, I would like to know what happens to the attacker if Asterisk responds with a cryptographic puzzle.<br>
If the attacker sends 100,000 junk INVITE (maybe INVITE message to non-existent client), then Asterisk will respond with a puzzle that the attacker has to solve, which "maybe" will mitigate the DOS from this attacker.<br>
<br>So, if anyone has pointers regarding this, please tell me.<br><br>Thank you.<br>Fadil<br><br><div class="gmail_quote">On Feb 17, 2008 2:40 AM, Tzafrir Cohen <<a href="mailto:tzafrir.cohen@xorcom.com">tzafrir.cohen@xorcom.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><div></div><div class="Wj3C7c">On Sat, Feb 16, 2008 at 11:37:46PM -0500, Fadil Sutomo wrote:<br>
> Hi All,<br>><br>> I am interested in developing a client-puzzle mechanism in SIP protocol so<br>> that any client that wants to send an INVITE message to asterisk should solve a<br>> cryptographic puzzle first. So, can anyone of you give me pointers regarding<br>
> this?<br>><br>> I am thinking about using openSSL api for the crypto in this mechanism, and<br>> I am not planning to support the clients. I just want to implement this<br>> mechanism in Asterisk and test it in mitigating DoS attacks..<br>
<br></div></div>But what if the client just sends a host of junk requests? This does not<br>take any calculation. How can Asterisk know a request is junk with doing<br>very little calculation?<br><br>If we can relate several junk requests to the same IP or so: then we can<br>
throttle requests by IP or whatever. But Asterisk already supports<br>this, I believe.<br><br>--<br> Tzafrir Cohen<br>icq#16849755 jabber:<a href="mailto:tzafrir.cohen@xorcom.com">tzafrir.cohen@xorcom.com</a><br>
+972-50-7952406 mailto:<a href="mailto:tzafrir.cohen@xorcom.com">tzafrir.cohen@xorcom.com</a><br><a href="http://www.xorcom.com" target="_blank">http://www.xorcom.com</a> <a href="http://iax:guest@local.xorcom.com/tzafrir" target="_blank">iax:guest@local.xorcom.com/tzafrir</a><br>
</blockquote></div><br>
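Added example, not part of the original thread and not Asterisk code: a minimal Python sketch of a stateless hash-based client puzzle of the kind discussed above, in which the server issues and verifies a challenge with one HMAC and one SHA-256 while the sender has to search for a nonce. The key, field layout, difficulty, lifetime and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # assumed per-server secret, never sent to clients
DIFFICULTY = 16              # assumed cost: required leading zero bits
MAX_AGE = 30                 # assumed lifetime of a challenge, in seconds


def leading_zero_bits(digest: bytes) -> int:
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def _tag(src_ip: str, call_id: str, ts: int) -> str:
    # Binds the challenge to sender, dialog and time, so no per-client state is kept.
    msg = f"{src_ip}|{call_id}|{ts}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_challenge(src_ip, call_id, now=None):
    ts = int(time.time() if now is None else now)
    return ts, _tag(src_ip, call_id, ts)


def solve(tag: str, difficulty: int = DIFFICULTY) -> int:
    # Client side: brute-force search, about 2**difficulty hashes on average.
    nonce = 0
    while leading_zero_bits(hashlib.sha256(f"{tag}:{nonce}".encode()).digest()) < difficulty:
        nonce += 1
    return nonce


def verify(src_ip, call_id, ts, tag, nonce, now=None, difficulty=DIFFICULTY) -> bool:
    # Server side: one HMAC and one SHA-256, regardless of difficulty.
    now = int(time.time() if now is None else now)
    if not 0 <= now - ts <= MAX_AGE:
        return False                      # expired or future-dated challenge
    if not hmac.compare_digest(_tag(src_ip, call_id, ts), tag):
        return False                      # tag not issued by this server for this sender
    digest = hashlib.sha256(f"{tag}:{nonce}".encode()).digest()
    return leading_zero_bits(digest) >= difficulty


if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up Call-ID).
    ts, tag = issue_challenge("192.0.2.10", "a84b4c76e66710@client.example")
    nonce = solve(tag)
    print("nonce", nonce, "accepted", verify("192.0.2.10", "a84b4c76e66710@client.example", ts, tag, nonce))
```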