[asterisk-dev] Rate limiting traffic to address potential DoS issues?
Rich Adamson
radamson at routers.com
Tue Sep 26 20:54:12 MST 2006
Jay R. Ashworth wrote:
> On Tue, Sep 26, 2006 at 02:30:04PM -0500, Kevin P. Fleming wrote:
>> A community member has communicated to me a couple of issues where if
>> he sends large volumes of correctly-formatted (but otherwise invalid)
>> packets at Asterisk channel drivers, Asterisk behaves quite poorly.
>> In general it does not crash, but it will lose calls, respond very
>> slowly, etc.

FWIW, I was able to do the same thing with Cisco's Call Manager. Had
some time left at the end of a semi-formal Cisco presentation and we
(the presenter and I) decided to see what it would take to kill Call
Manager. We tried various approaches by sending large amounts of
broadcasts, replay of a previously captured session, etc.

It didn't take long to kill it, and it failed in such a way as to
require a power cycle to bring it back alive. ;)

I guess from a corporate / private Asterisk implementation, I'd suggest
the cleanup activities have a priority of a 1 or 2 (with 5 representing
a high priority). But from an exposed ITSP perspective, that priority is
probably a 3 or 4 (until someone figures out that a DoS attack can be
successful) and then it likely becomes a 5.