[Asterisk-Users] Max number of connection in IAX ?

Brancaleoni Matteo mbrancaleoni at espia.it
Fri May 2 06:43:33 MST 2003 

I agree. probably is the best way to prevent
any problem.
(I like the idea to limit my guest user, so
I can provide demo iax connections to all ;-) )

matteo

Il gio, 2003-05-01 alle 23:17, Mark Spencer ha scritto:
> I think the ideas is restricting by per-user or per-peer.
> 
> Mark
> 
> On Thu, 1 May 2003, Tilghman Lesher wrote:
> 
> > On Thursday 01 May 2003 14:45, Brancaleoni Matteo wrote:
> > > Hi.
> > >
> > > I was wondering if there's a parameter to limit
> > > the number of concurrent sessions in IAX, globally or
> > > on a per-user basis.
> > >
> > > That could be needed for security purposes
> > > (to prevent dos attacks), to limit bandwidth / cpu usage, or
> > > to not allow more than N guest connections, for example.
> >
> > Limiting the number of connections will not prevent DOS
> > attacks.  Consider that an IAX session may have an unlimited
> > length.  Now consider an attacker creating N connections,
> > where N is your maximum limit of connections.  The attacker
> > has effectively cut off your ability to place IAX calls.  In
> > other words, resource starvation is just as effective a DOS
> > attack as resource overloading.
> >
> > That said, the usecnt variable in channels/chan_iax.c should
> > contain the current number of IAX channels.
> >
> > A patch as simple as this should work:
> >
> > -Tilghman
> >
> > Index: channels/chan_iax.c
> > ===================================================================
> > RCS file: /usr/cvsroot/asterisk/channels/chan_iax.c,v
> > retrieving revision 1.8
> > diff -u -r1.8 chan_iax.c
> > --- channels/chan_iax.c 27 Apr 2003 21:36:19 -0000      1.8
> > +++ channels/chan_iax.c 1 May 2003 20:58:03 -0000
> > @@ -65,6 +65,8 @@
> >
> >  #define DEBUG_SUPPORT
> >
> > +#define MAX_IAX_CONNECTIONS    30
> > +
> >  /* Sample over last 100 units to determine historic jitter */
> >  #define GAMMA (0.01)
> >
> > @@ -1952,6 +1954,10 @@
> >                 ast_setstate(tmp, state);
> >                 ast_pthread_mutex_lock(&usecnt_lock);
> >                 usecnt++;
> > +               if (usecnt > MAX_IAX_CONNECTIONS) {
> > +                       usecnt--;
> > +                       tmp = NULL;
> > +               }
> >                 ast_pthread_mutex_unlock(&usecnt_lock);
> >                 ast_update_use_count();
> >                 if (state != AST_STATE_DOWN) {
> >
> > _______________________________________________
> > Asterisk-Users mailing list
> > Asterisk-Users at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> >
> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list