[Asterisk-Users] Recommendation for dialplan in case of DDoS attacks?

Howard Lowndes lannet at lannet.com.au
Mon Feb 28 14:03:55 MST 2005


On Tue, 2005-03-01 at 07:11, Colin Anderson wrote:
> >How about a combination of GotoIF, and app_dbodbc (or app_db):
> 
> >exten => 700,1,playback(ddos-on)
> >exten => 700,2,DBput(DDOS/yes)
> 
> >exten => 701,1,playback(ddos-off)
> >exten => 701,2,DBdel(DDOS/yes)
> 
> >[mymainaa]
> >exten => s,1,DBGET(TRUE=DDOS/yes)
> >exten => s,2,Do this
> 
> >exten => s,102,do something else
> 
> My comment: Good suggestion, but requires user intervention. I'm lazy and I
> want it to be totally transparent. I'm not available most of the time and
> training someone to do it is not reliable, even my MCSE monkey would have
> trouble figuring out that we are being DoS'd (NOT my hire!)
> 
> -and-
> 
> >Primary * box detects DD0S -> runs:
> 
> >asterisk -rx "database put PANIC DDOS YES"
> 
> >and have your dialplan look for that database family/key being set to
> >determine which path it takes.
> 
> >When the primary * box detects that the DD0S is over -> runs:
> 
> >asterisk -rx "database del PANIC DDOS"
> 
> My comment: Better suggestion, and looks to be workable. What would be a
> good way to detect latency? A cron job that pings a known host with, say, 2K
> of data and pipes it back to a shell script? If so, what kind of frequency
> would be considered effective? Every 30 seconds, 1 minute?

You would probably need to have 2-3 positive samples over a period of,
say, 3 minutes before you triggered the change, otherwise it runs the
risk of being too volatile.  A short packet ping would probably be
better than a long packet transfer.


-- 
Howard.
LANNet Computing Associates;
Your Linux people <http://www.lannetlinux.com>
------------------------------------------
"When you just want a system that works, you choose Linux;
when you want a system that just works, you choose Microsoft."
------------------------------------------
"Flatter government, not fatter government;
Get rid of the Australian states."
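
Added example (not part of the original message, nor code from anyone in the thread): a cron-driven shell watchdog for the approach discussed above, using short pings, setting the flag only when 2 of the last 3 one-minute samples are bad, and issuing the `asterisk -rx` database commands quoted earlier. The probe host, RTT threshold, state-file path and the rule for clearing the flag (a full window of good samples) are assumptions.

```shell
#!/bin/sh
# Added example: debounced latency watchdog for the PANIC/DDOS database flag.
# Assumed values (not from the thread): probe host, RTT limit, state file path.
PROBE_HOST="${PROBE_HOST:-192.0.2.1}"   # placeholder address; use a host you control
RTT_LIMIT_MS="${RTT_LIMIT_MS:-250}"
STATE="${STATE:-/var/tmp/ddos-watch.state}"
WINDOW=3    # samples kept: 3 one-minute cron runs = 3 minutes
TRIP=2      # bad samples within WINDOW needed to set the flag

# Echo 1 (bad) or 0 (good) for an average RTT in ms; empty RTT = probe lost = bad.
classify() {
    [ -z "$1" ] && { echo 1; return; }
    [ "$1" -gt "$RTT_LIMIT_MS" ] && echo 1 || echo 0
}

# Given the current flag (YES/NO) and recent samples such as "101", echo the
# new flag. Set on >= TRIP bad samples; clear only when a full window is good,
# so a single clean ping during an attack does not flap the dialplan.
next_flag() {
    flag=$1; recent=$2
    bad=$(printf '%s' "$recent" | tr -cd 1 | wc -c | tr -d ' ')
    if [ "$bad" -ge "$TRIP" ]; then echo YES
    elif [ "$bad" -eq 0 ] && [ "${#recent}" -ge "$WINDOW" ]; then echo NO
    else echo "$flag"
    fi
}

# Extract the integer average RTT from ping's summary line (Linux or BSD form).
avg_rtt() { awk -F/ '/^(rtt|round-trip)/ { print int($5) }'; }

# One probe: sample, update the window, touch the Asterisk DB only on a change.
run_once() {
    rtt=$(ping -c 3 -q "$PROBE_HOST" 2>/dev/null | avg_rtt)
    old=$(cat "$STATE" 2>/dev/null)          # file format: "FLAG samples"
    flag=${old%% *}; recent=${old#* }
    [ -z "$old" ] && { flag=NO; recent=""; }
    recent=$(printf '%s%s' "$recent" "$(classify "$rtt")" | tail -c "$WINDOW")
    new=$(next_flag "$flag" "$recent")
    if [ "$new" != "$flag" ]; then
        if [ "$new" = YES ]; then asterisk -rx "database put PANIC DDOS YES"
        else asterisk -rx "database del PANIC DDOS"; fi
    fi
    echo "$new $recent" > "$STATE"
}

# cron entry (path is an assumption): * * * * * /usr/local/sbin/ddos-watch.sh run
if [ "${1:-}" = run ]; then run_once; fi
```

Keep the state file in a directory only the watchdog's user can write, since anything able to edit it can switch the dialplan path.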




