Tony,

Fair enough -- but what I am trying to prevent is less INVITE issues, but rather the rapid-fire REGISTER commands that seem to cause sipXproxy to die every night when the Chinese start in. It would be easy enough to look for INVITEs as well.

I changed the hashlimit to 5/sec and burst of 10. We'll see if sipXproxy survives the night...

On 1/21/2012 8:11 AM, Tony Graziano wrote:
> I am not sure it is effective for DDoS or DoS, as it is just looking
> for "REGISTER". It will do nothing for "INVITE", which is also
> another DoS method.
>
> If you have a firewall in front of it, you may want to consider
> implementing a Country Block and/or Abuse List.
>
> On Sat, Jan 21, 2012 at 8:51 AM, Robert B<[email protected]> wrote:
>> Modified from the FreeSWITCH wiki...
>>
>> http://wiki.freeswitch.org/wiki/QoS
>>
>> -A INPUT -p tcp -m tcp -m string -m hashlimit --dport 5060 -j ACCEPT
>> --string "REGISTER" --algo bm --to 65 --hashlimit 4/minute
>> --hashlimit-burst 1 --hashlimit-mode srcip,dstport --hashlimit-name
>> sip_r_limit
>>
>> Should this achieve the desired result of rate limited registrations?
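
Added example (not part of the thread): a simplified Python model of the per-source token bucket that hashlimit keeps in `srcip,dstport` mode, comparing the two settings mentioned above on constructed traffic. The addresses, the 50 REGISTER/s flood and the phone that sends a second REGISTER 40 ms after a 401 challenge are assumptions.

```python
# Simplified model of an iptables hashlimit match: one token bucket per
# (srcip, dstport). Integer milliseconds avoid float rounding.
# Entry expiry (--hashlimit-htable-expire) is not modelled.

class HashLimit:
    def __init__(self, packets, per_ms, burst):
        self.refill = packets            # credit gained per elapsed ms
        self.cost = per_ms               # credit spent per matched packet
        self.cap = burst * per_ms        # full bucket = `burst` packets
        self.buckets = {}                # (srcip, dstport) -> (credit, last_ms)

    def matches(self, now_ms, srcip, dstport=5060):
        credit, last = self.buckets.get((srcip, dstport), (self.cap, now_ms))
        credit = min(self.cap, credit + (now_ms - last) * self.refill)
        ok = credit >= self.cost
        self.buckets[(srcip, dstport)] = (credit - self.cost if ok else credit, now_ms)
        return ok


def constructed_traffic():
    """Constructed sample: (time_ms, srcip) of REGISTER packets."""
    # Assumed phone behaviour: REGISTER, 401 challenge, REGISTER with credentials.
    phone = [(0, "192.0.2.10"), (40, "192.0.2.10")]
    # Assumed rapid-fire source: 50 REGISTER/s for 10 s.
    flood = [(t, "198.51.100.7") for t in range(0, 10_000, 20)]
    return sorted(phone + flood)


def count_matches(limit, traffic):
    """Return {srcip: number of packets that matched the ACCEPT rule}."""
    hits = {}
    for t, src in traffic:
        hits.setdefault(src, 0)
        if limit.matches(t, src):
            hits[src] += 1
    return hits


def compare():
    traffic = constructed_traffic()
    return {
        "4/minute burst 1": count_matches(HashLimit(4, 60_000, 1), traffic),
        "5/sec burst 10": count_matches(HashLimit(5, 1_000, 10), traffic),
    }


if __name__ == "__main__":
    for name, hits in compare().items():
        print(name, hits)
```

A packet that does not match the ACCEPT rule is not dropped by that rule; it falls through to whatever rule or chain policy follows.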
