[asterisk-dev] Rate limiting traffic to address potential DoS
issues?
J. Oquendo
sil at infiltrated.net
Wed Sep 27 07:53:38 MST 2006
Jared Smith wrote:
> On 9/26/06, *Steven* <critch at basesys.com <mailto:critch at basesys.com>>
> wrote:
>
> No, apache won't die. Apache will stop answering new requests till a
> child process is able to process the request.
>
>
> Steven makes an important point here -- Apache has some tunable
> parameters that allow you to set it's behavior, depending on your
> circumstances. In the case of Asterisk, we should have a couple of
> knobs we can tweak to control how Asterisk handles a high number of
> incoming connections, whether they're just a traffic spike or a DoS
> attack.
>
> I know that other VoIP vendors claim they can handle X number of
> invalid connections per second while still keeping all the legitimate
> calls working -- I'd obviously like to see Asterisk do the same (for
> reasonable values of X, of course). Unfortunately, in the limited
> load testing I've done with Asterisk (specifically in the SIP
> channel), when you start to send more than a few incoming calls per
> second, Asterisk starts to freak out; namely, it responds to the wrong
> packets, sends multiple replies, and/or crashes.
>
> I know I talked to several people about this at VON -- does anybody
> have a lead on some good high-end VoIP call generators we can use to
> test Asterisk and make it better?
>
> -Jared
> ------------------------------------------------------------------------
>
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
>
This entire thread Kevin started was because I discovered a four fold
DoS. When a fix is mitigated I will post the tool. If you care to see
the errors the tool created please do so at:
http://www.infiltrated.net/hangups
--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net
The happiness of society is the end of government.
John Adams
More information about the asterisk-dev
mailing list