Re: [SR-Users] pike parameters doup when have dinamyc ip clients and scanners

2019-08-15 Thread Daniel-Constantin Mierla
On 15.08.19 11:05, Daniel Tryba wrote: > On Wed, Aug 14, 2019 at 02:52:45PM -0400, PICCORO McKAY Lenz wrote: >>> In my setups I have a limit of 64 requests per 2s. But I also have >>> whitelist (with/via the permissions module) for known high traffic >>> ipaddresses. Dimensioning the pike module

Re: [SR-Users] pike parameters doup when have dinamyc ip clients and scanners

2019-08-15 Thread Daniel Tryba
On Wed, Aug 14, 2019 at 02:52:45PM -0400, PICCORO McKAY Lenz wrote: > > In my setups I have a limit of 64 requests per 2s. But I also have > > whitelist (with/via the permissions module) for known high traffic > > ipaddresses. Dimensioning the pike module for the known high traffic > > hosts kind

Re: [SR-Users] pike parameters doup when have dinamyc ip clients and scanners

2019-08-14 Thread PICCORO McKAY Lenz
El mié., 14 de ago. de 2019 a la(s) 10:11, Daniel Tryba (d.tr...@pocos.nl) escribió: > Yes, this adds the source ip to the htable that is used to block further > requests. But my experience is that if you sent a 200 OK the scans > will stop for the older scanners. So you might want to add a >

Re: [SR-Users] pike parameters doup when have dinamyc ip clients and scanners

2019-08-14 Thread Daniel Tryba
On Wed, Aug 14, 2019 at 08:47:02AM -0400, PICCORO McKAY Lenz wrote: > you said: " A simple SIP phone will only send a couple of messages per > second" > > so if i have that special case with dinamyc ip in clients.. who could be > better to not confuse those clients with intents of attacks? I'm

Re: [SR-Users] pike parameters doup when have dinamyc ip clients and scanners

2019-08-14 Thread PICCORO McKAY Lenz
El mié., 14 de ago. de 2019 a la(s) 04:55, Daniel Tryba (d.tr...@pocos.nl) escribió: > On Tue, Aug 13, 2019 at 03:57:36PM -0430, PICCORO McKAY Lenz wrote: > > # this it's my setup for pike due the dinamyc ip and devices over the > internet: > > modparam("pike", "sampling_time_unit", 4) > >

Re: [SR-Users] pike parameters doup when have dinamyc ip clients and scanners

2019-08-14 Thread Daniel Tryba
On Tue, Aug 13, 2019 at 03:57:36PM -0430, PICCORO McKAY Lenz wrote: > # this it's my setup for pike due the dinamyc ip and devices over the > internet: > modparam("pike", "sampling_time_unit", 4) > modparam("pike", "reqs_density_per_unit", 80) > modparam("pike", "remove_latency", 60) > ... >