[Asterisk-Users] Can bad person with SIPp attack Asterisk ?

Robert Rozman rozman at fri.uni-lj.si
Fri Oct 29 02:20:18 MST 2004


Any more info on how to configure Asterisk to limit the number of calls
concurrently?

Thanks in advance,

Robert.

----- Original Message ----- 
From: <niels at wxn.nl>
To: <asterisk-users at lists.digium.com>
Sent: Friday, October 29, 2004 12:50 AM
Subject: RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ?


Hello

I would say,

First of all, for users who are authenticated, so really can make calls,
just configure Asterisk to limit the number of calls users can make
concurrently.

Next, put a firewall in front of your Asterisk box which rate limits the
number of connection attempts per second per host. If you limit this to,
let's say, about 25 to 50 connection attempts per second per host, I would
say you're pretty safe and your Asterisk box can't really get overloaded
with malicious packets. This burst limit depends on your config, as you
might get much traffic from certain IPs, of course.

Niels



-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Flynn
Sent: donderdag 28 oktober 2004 23:54
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: RE: [Asterisk-Users] Can bad person with SIPp attack Asterisk ?

On 10/28/2004, "Patrick" <asterisk at puzzled.xs4all.nl> wrote:

>Absolutely. Some things that come to mind: configure your firewall to
>only accept SIP, IAX2 etc connections from/to IP addresses of the remote
>servers you interact with.

Wouldn't this, though, not be possible when you're running a
public-type service like FWD etc? Unless they know in advance where
their customers are calling from, which I don't think they do.

>I am sure there are more ways to enhance security and would welcome
>further input from the community. Perhaps the info from this thread
>could then be the start of the Asterisk Security Howto document.
>

What would be good is if someone from FWD with a proven track record
would be so kind as to give pointers on how they handle security on
their platforms.

>About running * non-root. Any information how to go about this? How
>would you exactly configure this? What about zaptel & libpri? Apache
>setup for e.g. * & vmail or astcc interaction, CDR registration (file or
>DB) etc.
>

You could start out by looking at
http://voip-info.org/tiki-index.php?page=Asterisk+non-root

Cheers
Flynn
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
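
The per-host rate limit suggested in the thread, written out as an added example that is not part of the original messages. It assumes Linux iptables with the hashlimit match, SIP on UDP 5060 and IAX2 on UDP 4569; `voip_ratelimit`, `IPT` and `TRUSTED_PEERS` are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: Linux iptables with the
# hashlimit match, SIP on UDP 5060, IAX2 on UDP 4569, filtering in INPUT.
# Commands are only printed by default; set IPT=iptables to apply them.
IPT="${IPT:-echo iptables}"
# Optional space-separated list of peers that legitimately send a lot of
# traffic (the "certain IPs" caveat from the thread); empty by default.
TRUSTED_PEERS="${TRUSTED_PEERS:-}"

# voip_ratelimit RATE BURST
#   RATE:  packets per second accepted from any single source address
#   BURST: packets one source may send back to back before RATE applies
voip_ratelimit() {
    rate="$1"; burst="$2"
    for v in "$rate" "$burst"; do
        case "$v" in
            ''|*[!0-9]*) echo "usage: voip_ratelimit RATE BURST" >&2; return 2 ;;
        esac
        [ "$v" -gt 0 ] || { echo "values must be > 0" >&2; return 2; }
    done
    for port in 5060 4569; do
        # High-volume peers are accepted before the limit is evaluated.
        for peer in $TRUSTED_PEERS; do
            $IPT -A INPUT -p udp -s "$peer" --dport "$port" -j ACCEPT
        done
        # One bucket per source IP; packets above RATE are dropped.
        $IPT -A INPUT -p udp --dport "$port" \
            -m hashlimit --hashlimit-name "voip_$port" \
            --hashlimit-mode srcip \
            --hashlimit-above "${rate}/second" \
            --hashlimit-burst "$burst" -j DROP
        # Traffic that stayed under the limit reaches Asterisk.
        $IPT -A INPUT -p udp --dport "$port" -j ACCEPT
    done
}
```

Calling `voip_ratelimit 50 100` prints the rule set for review before anything is applied.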