I read the documentation for pike usage and have a doubt: what is
best for the very dynamic IPs of my devices? I mean, I'm just curious about
this very ironic and problematic scenario:

For the scanners I set up fail2ban, but it acts only when the scanning is
detected. But if I have the pike option like this:

# this is my setup for pike, due to the dynamic IPs and devices over the internet:
modparam("pike", "sampling_time_unit", 4)
modparam("pike", "reqs_density_per_unit", 80)
modparam("pike", "remove_latency", 60)
route {
  if (!pike_check_req()) {
    xlog("L_ALERT","ALERT: pike block $rm from $fu (IP:$si:$sp)\n");
    exit;  # stop processing the request from the flagged source
  }
  # ... rest of the routing logic
}

I put the remove latency at 60, so that, because they are dynamic, they must
remain in memory longer (since anyone could be a possible client), and just
ban if there are 180 (60*3) requests every 4 seconds.

Is it a good configuration, or maybe I'm wrong? Please help me!
Lenz McKAY Gerardo (PICCORO)

