Re: [OpenSIPS-Users] Opensips 2.5 and fraud module

Tue, 03 Apr 2018 05:29:50 -0700 

Hi Denis,
Regarding the "52 calls" vs. 25/30 limits, are you sure all 52 calls were made by the same user? Keep in mind that all fraud_detection module stats are per-user counters, and not global counters. If they really were all made by the same user, please let me know and I will double-check my tests. 


The "cpm", "total_calls" and "concurrent_calls" reset either on an 
interval change or at midnight (new day ahead). This leads to a possible 
undetected abuse of up to 2x your provisioned "cpm", "total_calls" or 
"concurrent_calls", if the malicious user places "limit - 1" events 
before the reset, followed by another "limit - 1" events past the reset. 
If this is too much for you, then your provisioned limits (thresholds) 
are incorrect, and you should simply cut them in half.


Best regards,

Liviu Chircu
OpenSIPS Developer
http://www.opensips-solutions.com

On 22.03.2018 09:59, Denis via Users wrote:

Hello!
Is there any idea about the problem?
Thank you.
--
С уважением, Денис.
Best regards, Denis
16.03.2018, 15:22, "Denis via Users" <[email protected]>:

Hello!
I am sorry that it was early, but anyway.
Server:: OpenSIPS (2.2.5 (x86_64/linux))
Fraud_module has been activated.
Profile data
17.02.18 20:55 Opensips received first fraud call.
And before Opensips detected fraud there were 52 yet calls to 810 prefix.

First question is why it didn`t detected fraud early (dialing with 
total_calls, for example)?

Then.

Till the end of 17.02 Opensips blocked the calls from client to 810, 
but in 18.02 i can see success fraud calls to 810 from the client again.

Second question is why? Opensips resets count every new day?
Thank you.
--
С уважением, Денис.
Best regards, Denis
,

_______________________________________________
Users mailing list
[email protected] <mailto:[email protected]>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users




_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users



_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users






















					Reply via email to