[Freeswitch-users] INVITE DoS Prevention
Nabble at slickdeals.endjunk.com
Wed Feb 23 22:49:44 MSK 2011
Steven Ayre wrote:
> That's be within the Sofia stack and it had to acknowledge the INVITE with
> 100 Trying otherwise the INVITE either resends or gives up the same as a
> packet drop. Sleeping would mean keeping the INVITE in memory for longer
> while starting the session before accepting/rejecting it, increasing
> usage under a DOS attack and therefore making FS fall over faster. It'd
> increase the complexity of the code starting up a session while it puts
> invites aside and schedules them to be processed shortly afterwards. You
> couldn't just do a sleep as it'd probably lock Sofia up. Doesn't seem
When in sleep mode, check the new INVITEs against the same host. If so, then
send them to sleep, too. If invites in sleep reaches Y amount, we can flag
the host to ignore further requests and release/junk all the sleeping
INVITEs. A database needs be setup to keep a tab of all rogue hosts.
FreeSWITCH hosted on a Seagate DockStar with OpenWRT.
View this message in context: http://freeswitch-users.2379917.n2.nabble.com/INVITE-DoS-Prevention-tp6047615p6057618.html
Sent from the freeswitch-users mailing list archive at Nabble.com.
More information about the FreeSWITCH-users