I was looking at being able to have a way to parse the logs at sipx to discover what UAs are generating this. In this fashion I can use a script to crash the remote attacker (from the firewall). I am simply looking at finding a way for sipx to leverage the firewall to assist in defense.

On Mon, Sep 27, 2010 at 7:17 AM, Joegen Baclor <[email protected]> wrote:

> IMHO, deny based on UA versus deny based on credentials won't give you
> much of a defense against a DOS attack. The only difference between deny
> by IP against deny by credentials is it requires two transactions for a deny
> by credential to reject the request. Thus it is safe to say that if 1000
> REGISTERS brings down a system where it denies by credential, it would take
> double that amount to bring it down if it decides to deny based on IP and I
> don't think there won't be any shortage of transactions a DOS attacker can
> spawn :-). This is a firewall role.
>
>
> On Monday, 27 September, 2010 06:13 PM, Tony Graziano wrote:
>
> Is there a way to add a functionality to filter SIP messages based on the
> Via headers IP address or names? This would be to make the information
> available to a firewall or other script as a measure to identify or protect
> against a dos attack.
>
> If an attack was to send an invite or register using a brute force attack
> to attempt to register thousands of times in a very short period, it would be
> nice to have a detection and limited protection mechanism.
>
> --
> ======================
> Tony Graziano, Manager
> Telephone: 434.984.8430
> sip: [email protected]
> Fax: 434.984.8431
>
> Email: [email protected]
>
> LAN/Telephony/Security and Control Systems Helpdesk:
> Telephone: 434.984.8426
> sip: [email protected]
> Fax: 434.984.8427
>
> Helpdesk Contract Customers:
> http://www.myitdepartment.net/gethelp/
>
> Why do mathematicians always confuse Halloween and Christmas?
> Because 31 Oct = 25 Dec.
>
>
> _______________________________________________
> sipx-dev mailing [email protected]
> List Archive: http://list.sipfoundry.org/archive/sipx-dev/
>
>

-- 
======================
Tony Graziano, Manager
Telephone: 434.984.8430
sip: [email protected]
Fax: 434.984.8431

Email: [email protected]

LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: [email protected]
Fax: 434.984.8427

Helpdesk Contract Customers:
http://www.myitdepartment.net/gethelp/

Why do mathematicians always confuse Halloween and Christmas?
Because 31 Oct = 25 Dec.
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev/
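
The detection asked about in this thread, sketched as an added example (not sipX code and not written by anyone in the thread): it counts REGISTER requests per topmost-Via host in a sliding window and returns the hosts over a threshold, with their User-Agent strings, as input for a firewall script. The thresholds, the `(timestamp, raw message)` input shape and all function names are assumptions; the Via value is written by the sender, so the firewall should confirm it against the packet source address.

```python
import re
from collections import defaultdict, deque

# Hypothetical thresholds (not sipX settings): flag a source sending more
# than MAX_REGISTERS REGISTER requests within WINDOW_SECONDS.
WINDOW_SECONDS = 10
MAX_REGISTERS = 5

# sent-by host of a Via header (full or compact "v:" form, bracketed IPv6 ok)
VIA_RE = re.compile(r"^(?:Via|v)\s*:\s*SIP/2\.0/\w+\s+(\[[^\]]+\]|[^\s;:,]+)",
                    re.I | re.M)
UA_RE = re.compile(r"^User-Agent\s*:\s*(.+?)\s*$", re.I | re.M)

def parse_register(raw):
    """Return (via_host, user_agent) for a REGISTER request, else None."""
    if not raw.startswith("REGISTER "):
        return None
    via = VIA_RE.search(raw)  # first match is the topmost Via
    if via is None:
        return None
    ua = UA_RE.search(raw)
    return via.group(1).strip("[]").lower(), (ua.group(1) if ua else "")

def find_flooders(events):
    """events: time-ordered (epoch_seconds, raw_sip_text) pairs.
    Returns {via_host: set of User-Agent strings} for hosts over the limit."""
    recent = defaultdict(deque)   # host -> timestamps inside the window
    flagged = defaultdict(set)
    for ts, raw in events:
        parsed = parse_register(raw)
        if parsed is None:
            continue
        host, ua = parsed
        window = recent[host]
        window.append(ts)
        while ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_REGISTERS:
            flagged[host].add(ua)
    return dict(flagged)

def _msg(method, host, ua):
    return (f"{method} sip:example.invalid SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {host}:5060;branch=z9hG4bKtest\r\n"
            f"User-Agent: {ua}\r\n\r\n")

# Constructed sample traffic: documentation addresses, made-up UA strings
SAMPLE = [(t * 0.5, _msg("REGISTER", "203.0.113.7", "scanner-ua")) for t in range(20)]
SAMPLE += [(20.0, _msg("REGISTER", "198.51.100.4", "deskphone/1.0")),
           (3600.0, _msg("REGISTER", "198.51.100.4", "deskphone/1.0"))]
```

Calling `find_flooders(SAMPLE)` returns only the host that sent the burst; the phone that re-registers once an hour stays off the list.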
