On Sat, Oct 30, 2010 at 07:33:23PM -0600, Joel Maslak wrote: > The CPU usage is trivial to deny them. As is the bandwidth usage, if > you are not sitting on a slowish broadband connection.
s/slow/assymetric/ > > Sure blocking doesn't hurt, but does the help it provides exceed the > downsides (effort and risk of blocking legitimate users)? I suspect it > doesn't...if you have strong passwords. If you have weak passwords, you > should fix that. > > It also seems that the only way to make blocking effective is to > block everything by default except known endpoints. Blocking the > door knickers doesn't protect against a bad guy finding (not through > brute force) valid credentials. Unless you have people on the road. Or unless you have people who want to actually use the peer-to-peer nature of SIP and call your SIP address. > > For me, monitoring outbound call volume makes a lot more sense. > I would love to see an easy to use, out of the box method to alert > me if more than "x" number of erlangs* are exceeded within a five > minute, sixty minute, and one day time period. For me, I would want > alerting on more than 10 erlangs over five minutes, 8 over an hour, > and 2 over a day. Exceeding these would likely indicate fraud for > my installation. Smaller sites would use smaller numbers, larger > ones would use bigger ones. I suspect even munin would provide you such options. Not to mention any more capable monitor. -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users