[Asterisk-Users] Recommendation for dialplan in case of DDoS atta cks?

[Colin Anderson]

>Are these inbound or outbound calls?  (both?) I am pretty confused 
>about all of this...

Sorry, I should have been more specific. The primary Asterisk box that
connects with the PRI is the one I am concerned about being DoS'd - the
remote IAX peer runs off of a cable modem with a dynamic IP, I have a script
that checks it's IP every so often (hopefully before the lease expires!) and
updates our DNS at the office accodingly, so we can address the remote host
as remotehost1 at foo.com etc. Since it's dynamic, and it's on an ISP that is
very proactive about DoS attacks, I'm not concerned about the remote host
getting hosed, only the primary. The remote host would be inbound and
outbound calls, but my users can live with outbound calls being kacked,
inbound they would scream blue murder if it didn't work (salespeople) 

>Isn't this what qualify=<latency> (ie: qualify=200) in your iax/sip.conf
>files is for?

>If the latency exceeds 200ms, Asterisk will automatically disable the
>link, and you can easily use a fail-over method in your dialplan. I
>think something like isChanAvail() might work for that.

I was thinking the same thing too, but from what I have seen qualify=XXX is
not universally supported:

http://lists.digium.com/pipermail/asterisk-users/2005-January/082657.html

We might use an IAX softphone or an IAXy and qualify may or may not be
supported. Ideally, I'd like something that is as device / implementation
independent as possible.

Also, I believe isChanAvail() is boolean with no quality assurances it'd be
worse in my context to throw a call out there that has lots of drops than to
re-route the call to the PSTN, a lot of users in my organization are leery
of VoIP in general and crappy calls would give them ammo to spread FUD about
VoIP.