SIP Antiflooding

SIP Proxies included in IvozProvider installation for SIP signalling use PIKE module to avoid DoS attacks.

This module keeps trace of incoming request’s IP address and blocks the ones that exceed the limit on a given time interval.

Warning

IPs are not blocked permanently, they are blocked for 5 minutes. After this time, they are allowed again as long as their incoming request rate don’t exceed the limit.

Tip

Antiflood banned IPs shows a list of addresses that have been banned at some point.

Current configuration parameters are:

  • Sampling time interval: 2 seconds.
  • Threshold per time unit: 100 requests.

This means that any IP address that sends more than 100 requests in a 2-second-time-interval will be blocked (ignored) for 5 minutes. After this time, it will be unblocked and its request rate will be evaluated again.

Note

Be aware that some requests are not taken into account by antiflood, continue reading please.

Which requests are taken into account in KamUsers?

Client side requests usually traverse 2 different phases:

  • Step 0: initial checks, endpoint identification and authentication.
  • Step 1: remaining logic.

Antiflood will take into account:

  • Requests failing during step 0:
    • Requests not using SIP domain in KamUsers (except wholesale).
    • Requests from non-existing AoRs in KamUsers.
    • Requests failing SIP authentication with wrong passwords in KamUsers.
  • Initial INVITE requests reaching step 1 (aka: new call establishments of legitimate clients).

Tip

Note that antiflood will not take into account successful REGISTER/SUBSCRIBE cycles.

Which requests are taken into account in KamTrunks?

Antiflood will take into account:

  • SIP OPTIONS from non-DDIproviders.
  • Non-DDIproviders talking to KamTrunks.

Tip

Note that antiflood will not take into account DDI Provider requests to KamTrunks.