On Sun, Feb 5, 2012 at 12:59 PM, Keith Laidlaw <laidlaw1...@rogers.com> wrote:
> So, 4.6 will have a great rate limiter but temporarily add limiting by
> pfsense or Robert’s iptable rule method.  What does fail2ban add to this?
>
>
Creating its own blacklists automatically of course.
>
>
> Also, does the DoS attack crash the two services or is it a design decision
> to shut them down when an attack is detected?  If the first, has the crash
> been fixed for 4.6 or does 4.6 only address prevention (by the limiter).
>
>
Neither, it simply overwhelms your system based on the available
resources if the attack is intense enough and your resources are scant
enough.
>
>
> Finally, is there a great howto for configuring pfsense 2.0 for sipx
> (including SIP rate limiters, country block etc.)
>
I have several blog entries on pfsense at blog.myitdepartment.net

The rate limiter is a simple to field config in the firewall in rules
on the port. You should install one to see it.

CountryBlock is now called pfBlocker. You simply click to install it
and choose which countries to block. It's very self explanatory.
>
>
> Keith
>
>
>
> From: sipx-users-boun...@list.sipfoundry.org
> [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of S.K.- G
> Sent: Sunday, February 05, 2012 10:44 AM
>
>
> To: 'Discussion list for users of sipXecs software'
> Subject: Re: [sipx-users] Sip Vicious and Remote Workers
>
>
>
> OK, I think I will try to integrate fail2ban with SIPX ..  Any “How to“
> recommendations?    http://sourceforge.net/projects/fail2ban/files/
>
>
>
> From: sipx-users-boun...@list.sipfoundry.org
> [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Michael Picher
> Sent: Sunday, February 05, 2012 9:13 AM
> To: Discussion list for users of sipXecs software
> Subject: Re: [sipx-users] Sip Vicious and Remote Workers
>
>
>
> it's called pfblocker...  add the package in the first menu on the left...
>
> On Sun, Feb 5, 2012 at 8:55 AM, S.K.- G <skhan...@gmail.com> wrote:
>
> Nice!!
>
> Welcome me to the SIP Vicious too :( My CDR record is full of “Failed” trials
> to international numbers .. Any help on how to install/configure the SIPX,
> Country Block Option in pfSense? The gz link doesn’t seem to work.
>
>
>
> Cheers
>
> Saad
>
> From: sipx-users-boun...@list.sipfoundry.org
> [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Robert B
> Sent: Sunday, February 05, 2012 8:42 AM
> To: sipx-users@list.sipfoundry.org
>
>
> Subject: Re: [sipx-users] Sip Vicious and Remote Workers
>
>
>
> Keith,
>
>
>
> These other solutions that are being recommended are great, but I actually
> found a very simple way that works "well enough" for me *so far*...
>
> Change your iptable rule that allows port 5060 to something like the
> following:
>
> -A INPUT -p tcp -m tcp -m string -m hashlimit --dport 5060 -j ACCEPT
> --string "REGISTER sip:" --algo bm --to 65 --hashlimit 5/second
> --hashlimit-burst 10 --hashlimit-mode srcip,dstport --hashlimit-name
> sip_r_limit
>
> It adds a simple rate limiter using source IP and destination port hash so
> that no single IP can send more than five REGISTER commands per second. This
> is not the be-all-end-all solution. However, in lieu of taking the time to
> setup fail2ban, this should do the trick.
>
> -- Robert
>
>
>
> On 2/4/2012 5:47 PM, Keith Laidlaw wrote:
>
> I have a working, stable sipX system (4.4.0 from ISO) with various
> same-subnet phones and sipxbridge to an ITSP (Voip.ms).  The entire system
> is behind a port restricted NAT.  All is well.
>
>
>
> Recently I tried to add remote workers to the mix, very carefully.  The
> first - and only - thing I did was port forward 5060 TCP/UDP and 30000-31000
> UDP.  When I did this I experienced what I suspect is the sipvicious problem
> described elsewhere in this list.  Every 24 hours or so, sipxproxy and
> sipxregistrar prevent phones from registering and the only cure is to
> restart those two.
>
>
>
> My questions:
>
>
>
> 1)      What is the best way to confirm that my problem is due to
> sipvicious.
>
> 2)      Is the detailed reason that sipvicious causes an irrecoverable
> lockup well known?
>
> 3)      Does 4.6 handle this situation better and make it into a (self)
> recoverable situation?
>
> 4)      Does 4.6 offer sipvicious protection to minimise this from happening
> in the first place?
>
> 5)      In the meantime, is pfsense my best option to block sipvicious (and
> also change me to symmetric)?
>
> 6)      Is there an ISO for pfsense that is appropriate for sipx? Or an ISO
> with instructions for configuring for sipx?
>
>
>
> Any help would be appreciated.
>
>
>
> Keith
>
>
>
>
>
>
> _______________________________________________
> sipx-users mailing list
> sipx-users@list.sipfoundry.org
> List Archive: http://list.sipfoundry.org/archive/sipx-users/
>
>
>
>
>
> --
> Michael Picher, Director of Technical Services
> eZuce, Inc.
>
> 300 Brickstone Square
>
> Suite 201
>
> Andover, MA. 01810
>
> O.978-296-1005 X2015
> M.207-956-0262
> @mpicher <http://twitter.com/mpicher>
> www.ezuce.com
>
>
>
> ------------------------------------------------------------------------------------------------------------
>
> Hope to see you at the sipX CoLab! http://www.sipfoundry.org/sipx-colab
>
> A gathering for - open source users, eZuce customers & eZuce partners
>
> Get the inside track on 4.6 and a glimpse at the future of sipXecs!
>
>
>
>



-- 
~~~~~~~~~~~~~~~~~~
Tony Graziano, Manager
Telephone: 434.984.8430
sip: tgrazi...@voice.myitdepartment.net
Fax: 434.465.6833
~~~~~~~~~~~~~~~~~~
LAN/Telephony/Security and Control Systems Helpdesk:
Telephone: 434.984.8426
sip: helpd...@voice.myitdepartment.net

Helpdesk Customers: http://myhelp.myitdepartment.net
Blog: http://blog.myitdepartment.net

Linked-In Profile:
http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
Ask about our Internet Fax services!
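
Added example (not part of the original thread or of sipXecs): a simplified Python model of the iptables hashlimit rule quoted above, replayed over constructed traffic to show what 5/second with a burst of 10 per source IP lets through during a REGISTER flood. The bucket arithmetic, IP addresses and hostname are assumptions for illustration; a packet the rule does not accept falls through to whatever rules follow it.

```python
RATE_MILLI = 5          # --hashlimit 5/second  -> 5 milli-tokens per millisecond
BURST_MILLI = 10_000    # --hashlimit-burst 10  -> bucket holds 10 packets
COST_MILLI = 1_000      # one matching packet costs one token
NEEDLE, SEARCH_TO = b"REGISTER sip:", 65   # --string ... --to 65

class HashLimit:
    """Simplified token bucket per (srcip, dstport); not the kernel's exact code."""
    def __init__(self):
        self.buckets = {}   # key -> (milli-tokens left, last seen ms)

    def allow(self, key, now_ms):
        tokens, last = self.buckets.get(key, (BURST_MILLI, now_ms))
        tokens = min(BURST_MILLI, tokens + (now_ms - last) * RATE_MILLI)
        ok = tokens >= COST_MILLI
        self.buckets[key] = (tokens - COST_MILLI if ok else tokens, now_ms)
        return ok

def verdict(limiter, now_ms, proto, src, dport, payload):
    """ACCEPT if the rule matches; FALLTHROUGH means later rules decide."""
    if proto != "tcp" or dport != 5060:          # -p tcp --dport 5060
        return "FALLTHROUGH"
    # -m string: the search window is applied to the payload only (simplification)
    if NEEDLE not in payload[:SEARCH_TO]:
        return "FALLTHROUGH"
    return "ACCEPT" if limiter.allow((src, dport), now_ms) else "FALLTHROUGH"

def replay(packets):
    """Run packets in time order and count verdicts per source IP."""
    limiter, counts = HashLimit(), {}
    for pkt in sorted(packets, key=lambda p: p[0]):
        per_src = counts.setdefault(pkt[2], {"ACCEPT": 0, "FALLTHROUGH": 0})
        per_src[verdict(limiter, *pkt)] += 1
    return counts

def sample_traffic():
    """Constructed traffic: documentation-range IPs and a made-up hostname."""
    reg = b"REGISTER sip:pbx.example.test SIP/2.0\r\n"
    # one source sending 100 REGISTERs per second for two seconds
    flood = [(ms, "tcp", "203.0.113.9", 5060, reg) for ms in range(0, 2000, 10)]
    # a phone re-registering once per second
    phone = [(ms, "tcp", "198.51.100.20", 5060, reg) for ms in (0, 1000, 2000)]
    phone.append((500, "udp", "198.51.100.20", 5060, reg))  # UDP never matches -p tcp
    return flood + phone

if __name__ == "__main__":
    for src, result in replay(sample_traffic()).items():
        print(src, result)
```

In this model the flooding source gets 19 of 200 REGISTERs accepted while the phone's TCP registrations all pass; the UDP REGISTER and any non-REGISTER request are not covered by this rule and depend on the rules after it.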
