[asterisk-dev] Rate limiting traffic to address potential DoS issues?

Rich Adamson radamson at routers.com
Tue Sep 26 20:54:12 MST 2006


Jay R. Ashworth wrote:
> On Tue, Sep 26, 2006 at 02:30:04PM -0500, Kevin P. Fleming wrote:
>> A community member has communicated to me a couple of issues where if
>> he sends large volumes of correctly-formatted (but otherwise invalid)
>> packets at Asterisk channel drivers, Asterisk behaves quite poorly.
>> In general it does not crash, but it will lose calls, respond very
>> slowly, etc.

FWIW, I was able to do the same thing with Cisco's Call Manager. Had
some time left at the end of a semi-formal Cisco presentation and we
(the presenter and I) decided to see what it would take to kill Call
Manager. We tried various approaches by sending large amounts of
broadcasts, replay of a previously captured session, etc.

It didn't take long to kill it, and it failed in such a way as to 
require a power cycle to bring it back alive. ;)

I guess from a corporate / private Asterisk implementation, I'd suggest
the cleanup activities have a priority of a 1 or 2 (with 5 representing
a high priority). But from an exposed ITSP perspective, that priority is
probably a 3 or 4 (until someone figures out that a DoS attack can be
successful) and then it likely becomes a 5.



