...
Note |
---|
Applies to VoipNow 4.0.0x and higher! |
VoipNow 4.0.0 comes packed with an application layer firewall at the SIP level called Pike. Pike is not a programming language. It's a module implemented in Kamailio that keeps track of all incoming requests, logging the source IP address for requests exceeding limits.
This module was not implemented for the purpose of blocking IP addresses when limits are exceeded. It's better not to rely only on Kamailio to block such IP addresses.
It simply reports abnormal traffic coming from different sources, allowing the system administrator to decide, via a script, what measures to take.
Step-by-step guide
Pike is disabled by default, but you can enable it by switching SIP_ANTIABUSE from 0 to 1 in /etc/voipnow/local.conf and then restarting Kamailio:

```
# Disable/Enable SIP antiabuse (0/1)
SIP_ANTIABUSE 1
```
Pike contains three different trees, each of which tries to detect signs of abnormal activity within a certain period of time.

Level 1 IP tree detects more than 300 requests per 10-second sampling unit.

```
modparam("pike", "ip_tree", "l1_tree=>sampling_time_unit=10;reqs_density_per_unit=300;remove_latency=120")
```

Level 2 IP tree detects more than 5 auth requests per 30-second sampling unit.

```
modparam("pike", "ip_tree", "l2_tree=>sampling_time_unit=30;reqs_density_per_unit=5;remove_latency=240")
```

Level 3 IP tree detects more than 30 failed auth requests per 10-minute sampling unit.

```
modparam("pike", "ip_tree", "l3_tree=>sampling_time_unit=600;reqs_density_per_unit=30;remove_latency=1800")
```

Level 4 IP tree detects more than 20 failed auth requests per 5-minute sampling unit.

```
modparam("pike", "ip_tree", "l4_tree=>sampling_time_unit=300;reqs_density_per_unit=20;remove_latency=1200")
```
Here's what each parameter means:
...
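As an added example (not VoipNow or Kamailio code), the following Python script parses the four `ip_tree` values listed above and applies them to constructed traffic, showing which source each tree would report and that a source sitting exactly at a limit is not reported. The event class names and the fixed-window counting are assumptions made for illustration; Kamailio's own counting differs in detail.

```python
from collections import defaultdict

# ip_tree values from this page; the event classes per tree follow its prose.
IP_TREES = [
    "l1_tree=>sampling_time_unit=10;reqs_density_per_unit=300;remove_latency=120",
    "l2_tree=>sampling_time_unit=30;reqs_density_per_unit=5;remove_latency=240",
    "l3_tree=>sampling_time_unit=600;reqs_density_per_unit=30;remove_latency=1800",
    "l4_tree=>sampling_time_unit=300;reqs_density_per_unit=20;remove_latency=1200",
]
# Assumed event labels (not VoipNow names): l1 counts everything, l2 every
# auth request, l3 and l4 only failed auth requests.
COUNTS = {"l1_tree": {"other", "auth_ok", "auth_failed"},
          "l2_tree": {"auth_ok", "auth_failed"},
          "l3_tree": {"auth_failed"}, "l4_tree": {"auth_failed"}}
KEYS = {"sampling_time_unit", "reqs_density_per_unit", "remove_latency"}

def parse_ip_tree(value):
    """Split 'name=>key=int;key=int;...' into (name, params); reject bad input."""
    name, sep, body = value.partition("=>")
    if not sep or name not in COUNTS:
        raise ValueError(f"unknown tree in {value!r}")
    params = {}
    for item in body.split(";"):
        key, _, raw = item.partition("=")
        if key not in KEYS or key in params or not raw.isdigit() or int(raw) == 0:
            raise ValueError(f"bad parameter {item!r} in {name}")
        params[key] = int(raw)
    if set(params) != KEYS:
        raise ValueError(f"missing parameter in {name}")
    return name, params

def flagged(events, trees=IP_TREES):
    """Return {(tree, ip)} for sources exceeding a tree's limit in one unit.
    Fixed-window approximation; remove_latency is parsed but not modelled."""
    parsed = dict(parse_ip_tree(t) for t in trees)
    hits = defaultdict(int)
    for ts, ip, kind in events:
        for name, p in parsed.items():
            if kind in COUNTS[name]:
                hits[name, ip, ts // p["sampling_time_unit"]] += 1
    return {(name, ip) for (name, ip, _), n in hits.items()
            if n > parsed[name]["reqs_density_per_unit"]}

# Constructed traffic: (second, source IP, event class).
SAMPLE = ([(i % 10, "198.51.100.9", "other") for i in range(301)]
          + [(t, "203.0.113.7", "auth_failed") for t in (0, 4, 8, 12, 16, 20)]
          + [(t, "192.0.2.5", "auth_ok") for t in (0, 2, 4, 6, 8)])

if __name__ == "__main__":
    for tree, ip in sorted(flagged(SAMPLE)):
        print(f"{ip} exceeded {tree}")
```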
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.