[asterisk-users] Playing with sipvicious ..

Dana Harding dharding at nucleus.com
Thu Aug 19 06:29:11 CDT 2010


> (I've just had 30GB of sipvicious traffic sent to my hosted servers in a
> 12-hour period - it came from what looked like a VPS host in France -
> trivially firewalled out, but even dropping the packets didn't stop the
> flood! It's so badly written it appears to just ignore any return codes
> that it doesn't want, or even no returns at all!)
>    
http://blog.sipvicious.org/2010/06/how-to-crash-sipvicious-introducing.html

It looks like it has been updated so that (with the newer version) this 
won't happen.
I think that fail2ban or equivalent could be used to block the offending 
IP, and also execute the provided svcrash.py which will send its one 
packet - possibly (if the attacker is using the older sipvicious) 
stopping the traffic.

Of course that won't help if the attacker is not using sipvicious and 
the other tool also ignores a lack of response.


