[SR-Users] dictionary attacks
Alex Balashov
abalashov at evaristesys.com
Sun Oct 24 20:24:24 CEST 2010
On 10/24/2010 12:18 PM, Iñaki Baz Castillo wrote:

> Of course, the perfect solution would be Kamailio acting as fail2ban.
> This is, "pike" module inserting dynamic rules in iptables. Opinions?

You could spawn a Perl script that does it, but it'd be kind of slow.

I think to come up with a good way to implement this, it is necessary
to recognise that there are many topologies other than a firewall
local on the Kamailio host that need to be accommodated, as well as an
asynchronous architecture. Many people would not want spam requests
to even get to the Kamailio box to take up any resources, however
small (netfilter), once they have been determined to be spam.

Some sort of IPC queue that can be consumed by an outside,
non-Kamailio process would probably be the best way to do this.

Many commercial routers (such as Vyatta) are beginning to have
firewall control APIs via HTTP/REST with which rules can be added.
Adding a ban rule to the router is something that could be done with
utils:http_query(). Blocking could probably be fixed by deferring the
HTTP requests with mqueue + rtimer.

--
Alex Balashov - Principal
Evariste Systems LLC
1170 Peachtree Street
12th Floor, Suite 1200
Atlanta, GA 30309
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
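
The outside, non-Kamailio queue consumer suggested in the message above could look like the following. This is an added example, not part of the original post or of Kamailio; the message format (one source address per queue message), the `BanConsumer` and `replay` names, the ban duration and the never-ban list are all assumptions made for illustration.

```python
import ipaddress

# Hypothetical policy values, not from the original post.
BAN_SECONDS = 600
NEVER_BAN = [ipaddress.ip_network("192.0.2.0/28")]  # e.g. trusted SIP trunks

class BanConsumer:
    """Turns queued source addresses into firewall rule changes."""
    def __init__(self, ttl=BAN_SECONDS, never_ban=NEVER_BAN):
        self.ttl, self.never_ban = ttl, never_ban
        self.expiry = {}  # address object -> time at which the ban ends

    @staticmethod
    def _rule(action, ip):
        # Build an argv list, never a shell string: queue content is untrusted.
        tool = "iptables" if ip.version == 4 else "ip6tables"
        return [tool, action, "INPUT", "-s", str(ip), "-j", "DROP"]

    def handle(self, message, now):
        """Process one queue message; return the commands to run (maybe none)."""
        try:
            ip = ipaddress.ip_address(message.strip())
        except ValueError:
            return []  # malformed message: ignore it
        if any(ip in net for net in self.never_ban):
            return []  # trusted peers are never cut off automatically
        already = ip in self.expiry
        self.expiry[ip] = now + self.ttl  # a repeat offence extends the ban
        return [] if already else [self._rule("-I", ip)]

    def expire(self, now):
        """Return delete commands for every ban whose time is up."""
        done = [ip for ip, end in self.expiry.items() if end <= now]
        for ip in done:
            del self.expiry[ip]
        return [self._rule("-D", ip) for ip in done]

def replay(messages):
    """Feed (time_in_seconds, message) pairs through a consumer; collect commands."""
    consumer, out = BanConsumer(), []
    for t, msg in messages:
        out += consumer.expire(t)
        out += consumer.handle(msg, t)
    return out

# Constructed sample queue content (documentation address ranges only).
SAMPLE = [(0, "203.0.113.7"), (5, "203.0.113.7"), (6, "192.0.2.5"),
          (7, "1.2.3.4; reboot"), (8, "2001:db8::9"), (700, "198.51.100.2")]
```

The returned argv lists can be handed to `subprocess.run` on the firewall host, or translated into calls to a router's rule API in topologies where the firewall is not on the Kamailio box.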