That's interesting. I'll have to dig around and see if pfsense has some limiters as part of its functions.

I'm noticing more and more posts from people saying that they have been hit by attacks. I hope more and more people will share their methods on protecting their sipx services.

On Sun, 28 Nov 2010 22:39:46 -0500, Gerald Drouillard wrote:
> On 10/15/2010 12:08 PM, Gerald Drouillard wrote:
>
>> I forget where I got the idea for this but you may want to try something
>> like this to limit the udp connections on 5060:
>>
>> FILE=/etc/rc.local
>> echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --set">>$FILE
>> echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 3600 --hitcount 100 -j DROP">>$FILE
>> echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 600 --hitcount 20 -j DROP">>$FILE
>> echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 300 --hitcount 10 -j DROP">>$FILE
>> echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 180 --hitcount 5 -j DROP">>$FILE
>> echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 3 -j DROP">>$FILE
>>
>> To try it out you don't have to put it in the rc.local file, just
>> execute the commands as root. Example:
>> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --set
>>
>
> Having just experienced my first sipvicious attack I would recommend the
> following in rc.local:
>
> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --set
> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 3600 --hitcount 100 -j REJECT
> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 600 --hitcount 30 -j REJECT
> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 300 --hitcount 20 -j REJECT
> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 180 --hitcount 10 -j REJECT
> /sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 6 -j REJECT
>
> Note the use of REJECT instead of DROP.
> Inspiration for this came from:
> http://jcs.org/notaweblog/2010/04/11/properly_stopping_a_sip_flood/
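The tiers quoted above are hard to judge without seeing them applied to traffic, so here is an added Python simulation of how the `recent` match's `--set` and `--rcheck --seconds S --hitcount N` rules behave. It is not code from the thread or from the jcs.org post. It models what the rules do: the first rule records every NEW packet's timestamp per source address and has no target, so evaluation continues to the REJECT tiers, and each tier matches when at least N of the remembered timestamps (the current packet included) fall within the last S seconds. The per-address list depth of 20 entries is an assumption (the module's default `ip_pkt_list_tot`), and the phone and scanner arrival patterns are constructed, not captured data.

```python
"""Added simulation of the iptables `recent` rate-limit tiers from the thread.

Models one `--set` rule that records every NEW UDP/5060 packet per source
address, followed by `--rcheck --seconds S --hitcount N -j REJECT` tiers.
Assumption: the per-address list keeps only the last MAX_ENTRIES timestamps
(the recent module's default ip_pkt_list_tot of 20).
"""
from collections import deque

# (seconds, hitcount) pairs, in the order the REJECT rules appear in the thread
TIERS = [(3600, 100), (600, 30), (300, 20), (180, 10), (60, 6)]
MAX_ENTRIES = 20  # assumed default per-address list depth


class RecentList:
    """Per-source timestamp list, like the kernel's recent table."""

    def __init__(self, max_entries=MAX_ENTRIES):
        self.max_entries = max_entries
        self.table = {}

    def set(self, src, now):
        # `--set`: remember this packet's time; the oldest entry falls off the end
        self.table.setdefault(src, deque(maxlen=self.max_entries)).append(now)

    def rcheck(self, src, now, seconds, hitcount):
        # `--rcheck --seconds --hitcount`: match when at least `hitcount` of the
        # remembered timestamps (current packet included) lie within `seconds`
        stamps = self.table.get(src, ())
        return sum(1 for t in stamps if now - t <= seconds) >= hitcount


def evaluate(packets, tiers=TIERS, max_entries=MAX_ENTRIES):
    """Run NEW packets given as (timestamp_seconds, src_ip) through the rules.

    Returns one (timestamp, src, verdict, tier_that_fired) tuple per packet.
    """
    recent = RecentList(max_entries)
    results = []
    for now, src in packets:
        recent.set(src, now)  # rule 1 has no -j target, so evaluation continues
        verdict, fired = "ACCEPT", None
        for seconds, hitcount in tiers:
            if recent.rcheck(src, now, seconds, hitcount):
                verdict, fired = "REJECT", (seconds, hitcount)
                break
        results.append((now, src, verdict, fired))
    return results


def unreachable_tiers(tiers=TIERS, max_entries=MAX_ENTRIES):
    """Tiers whose hitcount exceeds the remembered entries can never match."""
    return [tier for tier in tiers if tier[1] > max_entries]


def first_reject(results):
    """(timestamp, tier) of the first rejected packet, or None if none was."""
    for now, _src, verdict, fired in results:
        if verdict == "REJECT":
            return now, fired
    return None


# Constructed sample traffic (not captured data): one phone re-registering
# every 60 s for ten minutes, and one scanner probing every 5 s for a minute.
PHONE = [(t, "192.0.2.10") for t in range(0, 601, 60)]
SCANNER = [(t, "198.51.100.7") for t in range(0, 61, 5)]


if __name__ == "__main__":
    for name, sample in (("phone", PHONE), ("scanner", SCANNER)):
        for now, src, verdict, fired in evaluate(sample):
            extra = f" by {fired[1]} in {fired[0]}s" if fired else ""
            print(f"{name:8} t={now:4d} {src:14} {verdict}{extra}")
    print("tiers never reachable with", MAX_ENTRIES, "entries:",
          unreachable_tiers())
```

Two things the run makes visible. The phone registering once a minute never trips the 6-in-60 tier, while the scanner is rejected from its sixth packet on and stays rejected because the `--set` rule keeps recording its packets; a PBX or NAT gateway that fronts many phones from one source address should be whitelisted before these rules, since its aggregate rate looks like the scanner's. Second, with only 20 timestamps remembered per address the 100-in-3600 and 30-in-600 tiers can never fire; whether a given kernel refuses such a hitcount when the rule is loaded or enlarges the table varies by version, so check dmesg after adding the rules and confirm the live table under /proc/net/xt_recent/ (older kernels: /proc/net/ipt_recent/) shows the addresses you expect.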
_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
