FYI - On our firewalls we use a blocklist that denies all inbound from CHINA, etc.
On Sat, Jan 21, 2012 at 6:35 PM, Robert B <[email protected]> wrote: > Tony, > > Fair enough -- but what I am trying to prevent is less INVITE issues, but > rather the rapid-fire REGISTER commands that seem to cause sipXproxy to die > every night when the Chinese start in. It would be easy enough to look for > INVITEs as well. > > I changed the hashlimit to 5/sec and burst of 10. > > We'll see if sipXproxy survives the night... > > > > > On 1/21/2012 8:11 AM, Tony Graziano wrote: >> >> I am not sure it is effective for DDoS or DoS, as it it just looking >> for "REGISTER". It will do nothing for "INVITE", which is also >> another DoS method. >> >> If you have a firewall in front of it, you may want to consider >> implementing a Country Block and/or Abuse List. >> >> On Sat, Jan 21, 2012 at 8:51 AM, Robert B<[email protected]> wrote: >>> >>> Modified from the FreeSWITCH wiki... >>> >>> http://wiki.freeswitch.org/wiki/QoS >>> >>> -A INPUT -p tcp -m tcp -m string -m hashlimit --dport 5060 -j ACCEPT >>> --string "REGISTER" --algo bm --to 65 --hashlimit 4/minute >>> --hashlimit-burst 1 --hashlimit-mode srcip,dstport --hashlimit-name >>> sip_r_limit >>> >>> Should this achieve the desired result of rate limited registrations? >>> >>> _______________________________________________ >>> sipx-users mailing list >>> [email protected] >>> List Archive: http://list.sipfoundry.org/archive/sipx-users/ >> >> >> > -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected] Fax: 434.465.6833 Email: [email protected] LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected] Helpdesk Customers: http://myhelp.myitdepartment.net Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 Ask about our Internet Fax services! _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
