[asterisk-users] Under heavy attack

C F shmaltz at gmail.com
Sun Oct 31 11:59:29 CDT 2010


On Sun, Oct 31, 2010 at 12:45 PM, Joel Maslak <jmaslak at antelope.net> wrote:
> On Oct 31, 2010, at 9:57 AM, Jeff LaCoursiere <jeff at sunfone.com> wrote:
>
>> This only tells you after it is way too late that you now have upstream
>> bills to wrangle with your carriers about, or (like in my case) that your
>> balance is now depeleted, if it trips anything at all.
>>
>> In my very recent case only FIVE calls, all placed at the same time,
>> caused charges of over US$8K as they stayed connected for over two days.
>> This would not have tripped any erlang threshold, and you don't even know
>> that it is affecting your balance until the calls cease.
>
>
> It would have alerted me within 24 hours, which would have been 1/2 the cost.  Of course I have an average erlong much lower than 5 over 24 hours.
>
> How did they get in?  Did they guess a password to get in?  Was the password a good, complex password?  Or did they get in a different way?
>
> That said (thinking out long), I might need to add a trigger for long-lived calls.  Even one long lived call to the wrong destination would cost significant money.  Maybe I should notify on any call longer than 3 hours during the day, 2 hours long at night?  I'll have to look through my CDRs to see how often this would trigger in my environment.

Has it ever occurred to you? Use fail2ban?

>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>



More information about the asterisk-users mailing list