On Tue, Feb 22, 2011 at 3:28 PM, Adrian Georgescu <[email protected]> wrote:
> Ovidiu,
>
> With stolen account credentials one can cause major frauds during a single
> weekend without looking like a DOS attack.

That is correct, but I don't really see how rate limitation would help here for regular accounts. A regular SIP subscriber should have a channel limitation of 2 (no more than 2 simultaneous calls). In this case, the cps doesn't really matter. If a virtual PRI is set up (23 channels for NA or 30 channels for Europe), again the cps doesn't really count. As soon as the virtual PRI is maxed out (in terms of channels) all subsequent calls will be rejected (and the cps will be 0).

Now, if we have a large SIP trunk, ratelimiting will indeed help. The ratelimit module has a limit of 16 pipes. This number can be increased, but the module is not optimized to deal with a large number of pipes or dynamic pipes.

To summarize, IMHO, the real benefit of ratelimiting (cps control) is for large SIP trunks. For regular SIP subscribers it doesn't really matter (except for malicious traffic that could be detected with pike).

Regards,
Ovidiu Sas

> Rate limiting of normal SIP accounts to a few simultaneous calls or whatever
> is normal usage is the best defensive strategy. Pike is not useful for
> non-DOS situations like this.
>
> Adrian
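Added example (not part of the original thread and not OpenSIPS code): a small Python model of the two admission controls discussed above, a per-account channel cap and a calls-per-second cap, run over a constructed burst of call attempts. The function names, the fixed one-second window, the cps value of 5 and the 48-hour weekend are assumptions made for illustration; the model does not reproduce the ratelimit module's algorithms.

```python
import heapq

def admit(attempts, max_channels, max_cps=None):
    """Model two admission checks on (start_s, duration_s) call attempts.

    Returns (accepted, rejected_by_channels, rejected_by_cps).
    Simplified fixed one-second window; not the ratelimit module's algorithm.
    """
    active = []        # min-heap of end times of calls in progress
    per_second = {}    # second -> attempts that passed the cps gate
    accepted = rej_channels = rej_cps = 0
    for start, duration in sorted(attempts):
        while active and active[0] <= start:    # release finished calls
            heapq.heappop(active)
        sec = int(start)
        if max_cps is not None and per_second.get(sec, 0) >= max_cps:
            rej_cps += 1
            continue
        per_second[sec] = per_second.get(sec, 0) + 1
        if len(active) >= max_channels:         # all channels busy
            rej_channels += 1
            continue
        heapq.heappush(active, start + duration)
        accepted += 1
    return accepted, rej_channels, rej_cps

def max_call_minutes(max_channels, hours):
    """Upper bound on call minutes one account can run up in `hours`."""
    return max_channels * hours * 60

# Constructed traffic: 50 attempts per second for 10 s, each call lasting 60 s.
BURST = [(s + i / 50, 60) for s in range(10) for i in range(50)]

if __name__ == "__main__":
    for name, channels in [("subscriber", 2), ("virtual PRI", 23),
                           ("large trunk", 1000)]:
        print(name, "no cps limit:", admit(BURST, channels),
              "cps<=5:", admit(BURST, channels, max_cps=5))
    # Assumed 48 h weekend: exposure of a 2-channel account with stolen credentials.
    print("48 h exposure, 2 channels:", max_call_minutes(2, 48), "minutes")
```

With this constructed burst the 2-channel and 23-channel accounts accept 2 and 23 calls whether or not the cps cap is on, while the 1000-channel trunk accepts 500 calls without it and 50 with it.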
