On Thu, 2010-10-28 at 09:41 +0200, Per Jessen wrote: > Over the last two weeks, we have had at least two "incidents" where our > asterisk server got flooded (a hundred or more per second) by SIP > packets. Once from 114.31.50.10, second time from 173.212.200.146. We > became aware of the problem when bandwidth started suffering because > asterisk got very busy sending back replies or rejects (dunno which, I > didn't investigate it any further). > The immediate issues were dealt with by having the firewall drop those > packets, but I was wondering: > > 1) if anyone has seen the same problem, and > 2) if you've got some iptables rules for limiting inbound SIP by rate? > (or some such). > > > thanks > Per Jessen, Zürich
Was it legitimate requests or a brute force attack? If it was a brute force attack have you considered using fail2ban? Ish -- Ishfaq Malik Software Developer PackNet Ltd Office: 0161 660 3062 -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users