Applies to VoipNow 4.0.0x and higher!
VoipNow 4.0.0 comes packed with an application layer firewall at the SIP level called Pike. Pike is not a programming language. It's a module implemented in Kamailio that keeps track of all incoming requests, logging the source IP address for requests exceeding limits.
Pike is disabled by default, but it you can be easily enabled enable it by switching SIP_ANTIABUSE 1 in /etc/voipnow/local.conf and then restarting Kamailio:.
# Disable/Enable SIP antiabuse (0/1) SIP_ANTIABUSE 1
Pike contains has three different trees and each of them tries to detect signs of abnormal activity within a certain period of time.
Level 1 IP tree detects more than 300 auth requests per 10-second sampling unit.
modparam("pike", "ip_tree", "l1_tree=>sampling_time_unit=10;reqs_density_per_unit=300;remove_latency=120")
Level 2 IP tree detects more than 5 failed auth requests per 30-second sampling unit.
modparam("pike", "ip_tree", "l2_tree=>sampling_time_unit=30;reqs_density_per_unit=5;remove_latency=240")
Level 3 IP tree detects more than 30 failed auth requests per 10-minute sampling unit.
modparam("pike", "ip_tree", "l3_tree=>sampling_time_unit=600;reqs_density_per_unit=30;remove_latency=1800")
Level 4 IP tree detects more than 20 failed auth requests per 5-minute sampling unit.
modparam("pike", "ip_tree", "l4_tree=>sampling_time_unit=300;reqs_density_per_unit=20;remove_latency=1200")
Here's what each parameter means:
Except where otherwise noted, content in this space is licensed under a Creative Commons Attribution 4.0 International.