[Freeswitch-users] INVITE DoS Prevention

Steven Ayre steveayre at gmail.com
Wed Feb 23 19:02:27 MSK 2011


That's be within the Sofia stack and it had to acknowledge the INVITE with a
100 Trying otherwise the INVITE either resends or gives up the same as a
packet drop. Sleeping would mean keeping the INVITE in memory for longer
while starting the session before accepting/rejecting it, increasing memory
usage under a DOS attack and therefore making FS fall over faster. It'd also
increase the complexity of the code starting up a session while it puts new
invites aside and schedules them to be processed shortly afterwards. You
couldn't just do a sleep as it'd probably lock Sofia up. Doesn't seem worth
it.

Iptables is a much better way of handling it. You can rate limit per-host.

-Steve


On 23 February 2011 15:10, mazilo <Nabble at slickdeals.endjunk.com> wrote:

>
>
> jay binks wrote:
> > as for rate-limiting responses you can have iptables drop packets over X
> > number of invites per sec ...
> Just a thought. Perhaps, we should contemplate to add a feature on FS to
> set
> maximum of invites/sec/host. When the invites max out, add some sleep to
> slow down the response to the requested host. This will probably slow down
> the bot, especially if the bot is trying to hit a lot of FS servers out
> there.
>
> -----
> FreeSWITCH hosted on a Seagate DockStar with OpenWRT.
> --
> View this message in context:
> http://freeswitch-users.2379917.n2.nabble.com/INVITE-DoS-Prevention-tp6047615p6056642.html
> Sent from the freeswitch-users mailing list archive at Nabble.com.
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20110223/a5763a02/attachment.html 


More information about the FreeSWITCH-users mailing list