I read documentation for pike usage.. and have a doub.. what it's the
best for very dinamyc ip of my devices.. i mean, i'm just curious of
that very ironic and problematic scenario:

for the scanners i setup fail2ban but only when the scaning are
detecte.. but if i have the pike option how this:

# this it's my setup for pike due the dinamyc ip and devices over the internet:
modparam("pike", "sampling_time_unit", 4)
modparam("pike", "reqs_density_per_unit", 80)
modparam("pike", "remove_latency", 60)
...
route {
  if (!pike_check_req()) {
    xlog("L_ALERT","ALERT: pike block $rm from $fu (IP:$si:$sp)\n");
    exit;
  }
 ...
}


I put the remove latency in 60, so then due are dinamycally must
remian in memory more (due any one will be a possible clilent), just
ban if there are 180 (60*3) request each 4 seconds,

it's a good configuration or maybe i'm wrong please help me!
-- 
Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to