Handling SIP Flood Attacks Using Kamailio
The Pike module in Kamailio provides detection and alerting of “excessive” SIP traffic to your system. Within the module you can configure the rate limit, time period, and amount of time that the IP (ipv4 or ipv6) should be blocked. For example, you can configure your system to say that 30 requests from the same IP within 5 seconds should trigger a block of that IP for 5 minutes. I absolutely love this module and, in my case, Pike more often finds abusive traffic (like dialers) than SIP floods attacks....