actually same thing happened to us a year ago (under asterisk 1.2) we solved the same day discovered by putting both:<br><br><span style="color: rgb(0, 0, 0);"><font face="Arial" size="2">allowguest=no </font></span><br>alwaysauthreject = yes<br>
<br><br><br><br><br><div class="gmail_quote">On Sun, Oct 3, 2010 at 7:17 PM, Barry Miller <span dir="ltr"><<a href="mailto:asterisk-users@notanet.net">asterisk-users@notanet.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On Sun, Oct 03, 2010 at 02:19:35PM -0600, Greg Saunders wrote:<br>
> Hello all. I was recently the victim of a SIP flood attack. I'm wondering<br>
> what is the best method to prevent such things in the future.<br>
<br>
</div>In sip.conf:<br>
[general]<br>
alwaysauthreject = yes<br>
<br>
The attacking program is probably svwar.py (part of SIPVicious). It<br>
will give up as soon as it realizes it can't tell the difference<br>
between attempting to register an invalid extension and a valid one<br>
(with an arbitrary password).<br>
<br>
It's the default in 1.8, but the option goes back at least to 1.4.<br>
<br>
--<br>
<font color="#888888">Barry<br>
</font><div><div></div><div class="h5"><br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Abdullah<br>