[Asterisk-Users] Recommendation for dialplan in case of DDoS attacks?

Colin Anderson ColinA at landmarkmasterbuilder.com
Mon Feb 28 13:11:47 MST 2005


>How about a combination of GotoIF, and app_dbodbc (or app_db):

>exten => 700,1,playback(ddos-on)
>exten => 700,2,DBput(DDOS/yes)

>exten => 701,1,playback(ddos-off)
>exten => 701,2,DBdel(DDOS/yes)

>[mymainaa]
>exten => s,1,DBGET(TRUE=DDOS/yes)
>exten => s,2,Do this

>exten => s,102,do something else

My comment: Good suggestion, but requires user intervention. I'm lazy and I
want it to be totally transparent. I'm not available most of the time and
training someone to do it is not reliable, even my MCSE monkey would have
trouble figuring out that we are being DoS'd (NOT my hire!)

-and-

>Primary * box detects DDoS -> runs:

>asterisk -rx "database put PANIC DDOS YES"

>and have your dialplan look for that database family/key being set to
>determine which path it takes.

>When the primary * box detects that the DDoS is over -> runs:

>asterisk -rx "database del PANIC DDOS"

My comment: Better suggestion, and looks to be workable. What would be a
good way to detect latency? A cron job that pings a known host with, say, 2K
of data and pipes it back to a shell script? If so, what kind of frequency
would be considered effective? Every 30 seconds, 1 minute?
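
One way to build the cron-driven ping probe asked about above, as an added example that is not part of the original post or of Asterisk: it parses the ping summary, requires several consecutive bad probes before setting the PANIC/DDOS key quoted above, and clears it on the first clean probe. The probe host, thresholds, state file path and the `--probe` switch are assumptions.

```shell
#!/bin/sh
# Assumed values, not from the thread: probe host, thresholds, state file.
PROBE_HOST="${PROBE_HOST:-192.0.2.1}"   # placeholder address
MAX_LOSS="${MAX_LOSS:-20}"              # percent packet loss
MAX_RTT_MS="${MAX_RTT_MS:-250}"         # average round trip in ms
TRIP_AFTER="${TRIP_AFTER:-3}"           # consecutive bad probes before flagging
STATE_FILE="${STATE_FILE:-/var/run/ddos-probe.streak}"

# Constructed samples of iputils ping summary lines, for offline checks.
SAMPLE_CLEAN='5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 10.1/12.7/15.0/1.2 ms'
SAMPLE_DEGRADED='5 packets transmitted, 3 received, 40% packet loss, time 4100ms
rtt min/avg/max/mdev = 310.2/512.9/800.4/90.1 ms'

# Read ping output on stdin; print "<loss%> <avg_ms>" (avg is -1 if no replies).
parse_ping() {
  awk '
    /packet loss/ { for (i = 1; i <= NF; i++) if ($i ~ /%$/) loss = $i + 0 }
    /min\/avg\/max/ { split($0, a, "="); split(a[2], b, "/"); avg = b[2] }
    END { if (loss == "") loss = 100; if (avg == "") avg = -1
          printf "%d %d\n", loss, avg }'
}

# $1 = loss%, $2 = avg ms. Print YES when the link looks degraded, else NO.
decide() {
  if [ "$1" -ge "$MAX_LOSS" ] || [ "$2" -lt 0 ] || [ "$2" -gt "$MAX_RTT_MS" ]
  then echo YES; else echo NO; fi
}

# $1 = previous streak, $2 = verdict. Count consecutive bad probes.
next_streak() {
  if [ "$2" = YES ]; then echo $(( $1 + 1 )); else echo 0; fi
}

# Set or clear the key the dialplan checks (commands as quoted in the thread).
apply_state() {
  if [ "$1" = YES ]; then asterisk -rx "database put PANIC DDOS YES"
  else asterisk -rx "database del PANIC DDOS"; fi
}

# Live run, intended to be called from cron as: script --probe
if [ "${1:-}" = "--probe" ]; then
  set -- $(ping -c 5 -s 2048 "$PROBE_HOST" 2>/dev/null | parse_ping)
  verdict=$(decide "$1" "$2")
  streak=$(next_streak "$(cat "$STATE_FILE" 2>/dev/null || echo 0)" "$verdict")
  echo "$streak" > "$STATE_FILE"
  if [ "$verdict" = NO ]; then apply_state NO
  elif [ "$streak" -ge "$TRIP_AFTER" ]; then apply_state YES; fi
fi
```

cron cannot schedule more often than once a minute, so with the assumed `TRIP_AFTER=3` the key is set about three minutes into sustained degradation; a shorter interval needs a looping daemon instead of cron.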


