IMHO, deny based on UA versus deny based on credentials won't give you
much of a defense against a DOS attack. The only difference between
deny by IP against deny by credentials is it requires two transactions
for a deny by credential to reject the request. Thus it is safe to say
that if 1000 REGISTERS brings down a system where it denies by
credential, it would take double that amount to bring it down if it
decides to deny based on IP and I don't think there won't be any
shortage of transactions a DOS attacker can spawn :-). This is a
firewall role.
On Monday, 27 September, 2010 06:13 PM, Tony Graziano wrote:
Is there a way to add a functionality to filter SIP messages based on
the Via headers IP address or names? This would be to make the
information available to a firewall or other script as a measure to
identify or protect against a dos attack.
If an attack was to send an invite or register using a brute force
attack to attemt to register thousands of times in a very short
preiod, it would be nice to have a detection and limited protection
mechanism.
--
======================
Tony Graziano, Manager
Telephone: 434.984.8430
sip: [email protected]
<mailto:[email protected]>
Fax: 434.984.8431
Email: [email protected] <mailto:[email protected]>
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: [email protected]
<mailto:[email protected]>
Fax: 434.984.8427
Helpdesk Contract Customers:
http://www.myitdepartment.net/gethelp/
Why do mathematicians always confuse Halloween and Christmas?
Because 31 Oct = 25 Dec.
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev/
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev/
