That's be within the Sofia stack and it had to acknowledge the INVITE with a 100 Trying otherwise the INVITE either resends or gives up the same as a packet drop. Sleeping would mean keeping the INVITE in memory for longer while starting the session before accepting/rejecting it, increasing memory usage under a DOS attack and therefore making FS fall over faster. It'd also increase the complexity of the code starting up a session while it puts new invites aside and schedules them to be processed shortly afterwards. You couldn't just do a sleep as it'd probably lock Sofia up. Doesn't seem worth it.<br>
<br>Iptables is a much better way of handling it. You can rate limit per-host.<br><br>-Steve<br><br><br><div class="gmail_quote">On 23 February 2011 15:10, mazilo <span dir="ltr"><<a href="mailto:Nabble@slickdeals.endjunk.com">Nabble@slickdeals.endjunk.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div class="im"><br>
<br>
jay binks wrote:<br>
> as for rate-limiting responses you can have iptables drop packets over X<br>
> number of invites per sec ...<br>
</div>Just a thought. Perhaps, we should contemplate to add a feature on FS to set<br>
maximum of invites/sec/host. When the invites max out, add some sleep to<br>
slow down the response to the requested host. This will probably slow down<br>
the bot, especially if the bot is trying to hit a lot of FS servers out<br>
there.<br>
<br>
-----<br>
FreeSWITCH hosted on a Seagate DockStar with OpenWRT.<br>
<font color="#888888">--<br>
View this message in context: <a href="http://freeswitch-users.2379917.n2.nabble.com/INVITE-DoS-Prevention-tp6047615p6056642.html" target="_blank">http://freeswitch-users.2379917.n2.nabble.com/INVITE-DoS-Prevention-tp6047615p6056642.html</a><br>
Sent from the freeswitch-users mailing list archive at Nabble.com.<br>
</font><div><div></div><div class="h5"><br>
_______________________________________________<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="http://www.freeswitch.org" target="_blank">http://www.freeswitch.org</a><br>
</div></div></blockquote></div><br><div style="visibility: hidden; left: -5000px; position: absolute; z-index: 9999; padding: 0px; margin-left: 0px; margin-top: 0px; overflow: hidden; word-wrap: break-word; color: black; font-size: 10px; text-align: left; line-height: 130%;" id="avg_ls_inline_popup">
</div>