On 17/03/11 05:37, Patrick wrote:
Dear mailing list,
I have an Asterisk 1.4.21.2~dfsg-3+lenny1 package installed on my Debian
and I have a strange behavior.

After some days running normally, my Asterisk is under heavy attack;
however, there is nothing logged in the console (logging from debug ->
error) or file (level from notice -> error).
I can see that there is also a peak in the network traffic.

My first guess is that I'm suffering from a SIP registration DoS, but,
as there is nothing about a "not matching peer" or "incorrect
password" logged to file, my fail2ban script is not blocking the
attacker.

I normally restart Asterisk and the logs start logging attacks again,
but today it's not working.

FYI, I've checked and my loggers are not muted and the logging level
is at least "notice". I've also reloaded my loggers, but to no effect.

Have you already experienced such a situation? Is there any known
issue with the logging module stopping while Asterisk is DoS'ed?

Best regards,
Patrick
It's possible that fail2ban has already blocked the incoming
registration attempts but the attacker is still blindly sending packets
to you.
That is often a sign the attacker is using an old version of sip-vicious;
you can often stop such things by using the "svcrash.py" script they now
provide.
Check your iptables logs.
cheers,
Paul.
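
[Added example, not part of the original thread or of either poster's messages: one way to act on "check your iptables logs" is to tally, per source address, the SIP packets the firewall is still dropping. It assumes a LOG rule sits ahead of the rule that drops banned hosts; the "SIP-DROP: " prefix, the host name and all addresses in the sample are constructed.]

```python
import re
from collections import Counter

# Constructed sample lines in the kernel's iptables LOG format. The
# "SIP-DROP: " prefix is an assumption: it is whatever --log-prefix was
# set on a LOG rule placed ahead of the rule that drops banned hosts.
SAMPLE_LOG = """\
Mar 17 05:31:02 pbx kernel: SIP-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=431 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5071 DPT=5060 LEN=411
Mar 17 05:31:02 pbx kernel: SIP-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=431 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5071 DPT=5060 LEN=411
Mar 17 05:31:03 pbx kernel: SIP-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=420 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=UDP SPT=5060 DPT=5060 LEN=400
Mar 17 05:31:03 pbx kernel: SIP-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=203.0.113.45 DST=192.0.2.10 LEN=431 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5071 DPT=5060 LEN=411
Mar 17 05:31:04 pbx kernel: SIP-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4211 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 17 05:31:05 pbx sshd[2211]: Accepted publickey for admin from 192.0.2.20 port 50522 ssh2
"""

# KEY=value pairs as written by the LOG target; values may be empty (OUT=).
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def sip_drops_by_source(lines, prefix="SIP-DROP: ", port=5060):
    """Count logged UDP packets to the SIP port, keyed by source address."""
    hits = Counter()
    for line in lines:
        if prefix not in line:
            continue  # not written by our LOG rule
        # Parse only what follows the prefix. LEN appears twice (IP, then
        # UDP); the later value wins in the dict, which does not matter here.
        fields = dict(FIELD.findall(line.split(prefix, 1)[1]))
        if fields.get("PROTO") == "UDP" and fields.get("DPT") == str(port):
            hits[fields.get("SRC", "?")] += 1
    return hits

def noisy_sources(lines, threshold=3, **kw):
    """Sources with at least `threshold` dropped SIP packets, busiest first."""
    counts = sip_drops_by_source(lines, **kw)
    return [(src, n) for src, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for src, n in noisy_sources(SAMPLE_LOG.splitlines()):
        print(f"{src}\t{n} dropped SIP packets")
```

A high count for an address that is already banned means the firewall is doing its job and the traffic peak is the sender continuing blindly, which is why nothing new reaches the Asterisk log.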