Any more info how to configure Asterisk to limit the number of calls concurrently ?
Thanks in advance, Robert. ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 29, 2004 12:50 AM Subject: RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ? Hello I would say, First of all, for users who are authenticated, so really can make calls, just configure asterisk to limit the number of calls users can make concurrently Next, put a firewall in front of your asterisk box which rate limits the number of connection attempts per second per host.. If you limit this to lets say about 25 to 50 connection attempts per second per host I would say you're pretty safe and your asterisk box can't really get overloaded with malicious packets. this burst limit depends on your config as you might get much traffic from certain IP's ofcourse Niels -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Flynn Sent: donderdag 28 oktober 2004 23:54 To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ? On 10/28/2004, "Patrick" <[EMAIL PROTECTED]> wrote: >Absolutely. Some things that come to mind: configure your firewall to >only accept SIP, IAX2 etc connections from/to IP addresses of the remote >servers you interact with. Wouldn't this, though, not be possible when you're running a public-type service like FWD etc? Unless they know in advance where their customers are calling from, which I don't think they do. >I am sure there are more ways to enhance security and would welcome >further input from the community. Perhaps the info from this threat >could then be the start of the Asterisk Security Howto document. > What would be good is if someone from FWD with a proven track record would be so kind as to give pointers on how they handle security on their platforms. >About running * non-root. Any information how to go about this? How >would you exactly configure this? What about zaptel & libpri? Apache >setup for e.g. * & vmail or astcc interaction, CDR registration (file or >DB) etc. > You could start out by looking at http://voip-info.org/tiki-index.php?page=Asterisk+non-root Cheers Flynn _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users