[asterisk-users] SIP Register DOS attack

khalid touati khalidtouati at gmail.com
Thu Jun 2 13:09:18 CDT 2011 

Also you guys may need to use:
sip.conf
[general]
allowguest=no
*alwaysauthreject = yes*



On Thu, Jun 2, 2011 at 1:01 PM, Al lists <asteriskal at gmail.com> wrote:

> I'll check this option and see if it helps next time,
> just to clarify, there were no actual calls in place, just DOS register
> attack.
>
>
>   On Wed, Jun 1, 2011 at 12:22 PM, Ira <ira at extrasensory.com> wrote:
>
>>   At 10:56 AM 6/1/2011, you wrote:
>>
>> Do you have:
>>
>> sip.conf
>> [general]
>> allowguest=no
>>
>>
>> So because of this I decided to type "sip show channels" into my Asterisk
>> and got this:
>>
>> Peer             User/ANR    Call ID          Format     Hold  Last
>> Message  Expiry  Peer
>> 216.xxx.69.xxx   (None)      f2d8db55-0a7edd  (nothing)  No    Rx:
>> OPTIONS           <guest>
>> 216.xxx.69.xxx   (None)      2ce0b9a5-6de7f4  (nothing)  No    Rx:
>> OPTIONS           <guest>
>> 64.xxx.41.xxx    6314098389  2a482e4b684a59a  (nothing)
>> No                          <guest>
>> 192.168.233.xxx  (None)     ioh3fna2aw.n4mz  (nothing)  No    Rx:
>> REGISTER          <guest>
>> 4 active SIP dialogs
>>
>> I have allowguest=no and all of those IPs are either my providers or a SIP
>> phone on my network so why would it show <guest> as the peer?
>>
>> I'm running Asterisk SVN-trunk-r319759M  if that matters.
>>
>> Ira
>>
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> New to Asterisk? Join us for a live introductory webinar every Thurs:
>>               http://www.asterisk.org/hello
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>



-- 
Abdullah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20110602/834e7653/attachment.htm>

More information about the asterisk-users mailing list