El mié., 14 de ago. de 2019 a la(s) 10:11, Daniel Tryba (d.tr...@pocos.nl)
escribió:

> Yes, this adds the source ip to the htable that is used to block further
> requests. But my experience is that if you sent a 200 OK the scans
> will stop for the older scanners. So you might want to add a
> sl_send_reply("200", "OK");
> before the drop.
>
added! thanks

but:

> I'm not sure what you are trying to say here.
>
> In my setups I have a limit of 64 requests per 2s. But I also have
> whitelist (with/via the permissions module) for known high traffic
> ipaddresses. Dimensioning the pike module for the known high traffic
> hosts kind of defeats the purpose of using pike to detect strange
> unwanted traffic. The correct numbers depend on your endpoints.
>
i cannot use whitelist due my experiment are for all dinamyc ip clients
so what its the meaning of "depend on your endpoints" ?


> if(src_ip!=myself && !allow_address("2", "$si", "$sp"))
> {
>    if($sht(ipban=>$si)!=$null)
>    {
>        # ip is already blocked
>            exit;
>    }
>
>    if (!pike_check_req())
>    {
>        $sht(ipban=>$si) = 1;
>        exit;
>
>

>
> > oh, also i put for scanners that:
> >
> > if($ua =~ "friendly-scanner") {
> >    xlog("L_ALERT", "friendly scanning incoming $rm IP:$si:$sp - R:$ruri -
> > F:$fu - T:$tu - UA:$ua - $rm\n");
> >   $sht(ipban=>$si) = 1;
> >    drop();
> > }
> >
> > so i ban the ip where the friendly scanner are made for a while, it's
> that
> > correct?
>
>


>
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users@lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
_______________________________________________
Kamailio (SER) - Users Mailing List
sr-users@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

Reply via email to