[asterisk-users] Playing with sipvicious ..
Dana Harding
dharding at nucleus.com
Thu Aug 19 06:29:11 CDT 2010
> (I've just had 30GB of sipvicious traffic sent to my hosted servers in a
> 12-hour period - it came from what looked like a VPS host in France -
> trivially firewalled out, but even dropping the packets didn't stop the
> flood! It's so badly written it appears to just ignore any return codes
> that it doesn't want, or even no returns at all!)
>
http://blog.sipvicious.org/2010/06/how-to-crash-sipvicious-introducing.html
It looks like it has been updated so that (with the newer version) this
won't happen.
I think that fail2ban or equivalent could be used to block the offending
IP, and also execute the provided svcrash.py which will send its one
packet - possibly (if the attacker is using the older sipvicious)
stopping the traffic.
Of course that won't help if the attacker is not using sipvicious and
the other tool also ignores a lack of response.
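
An added illustration of the "fail2ban or equivalent" step mentioned above (not part of the original post, and not fail2ban's own code): a small detector that reads Asterisk log lines and reports source addresses that exceed a failed-REGISTER threshold within a time window. The log line layout, the thresholds and the sample addresses are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed chan_sip log layout for a rejected REGISTER. Anchored at both ends so
# text taken from the SIP From header is never read as the source address.
FAILED = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\] NOTICE\[\d+\] chan_sip\.c: "
    r"Registration from '.*' failed for '(?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?'"
    r" - (?:No matching peer found|Wrong password)$"
)

def find_offenders(lines, max_retry=3, find_time=timedelta(seconds=60)):
    """Return {ip: timestamp at which it reached max_retry failures in find_time}."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    offenders = {}
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        if not m or m["ip"] in offenders:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            offenders[m["ip"]] = ts
    return offenders

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = """\
[2010-08-19 06:29:01] NOTICE[2345] chan_sip.c: Registration from '"101" <sip:101@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[2010-08-19 06:29:02] NOTICE[2345] chan_sip.c: Registration from '"102" <sip:102@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[2010-08-19 06:29:02] VERBOSE[2345] logger.c: -- Remote UNIX connection
[2010-08-19 06:29:03] NOTICE[2345] chan_sip.c: Registration from '"103" <sip:103@203.0.113.5>' failed for '198.51.100.7' - No matching peer found
[2010-08-19 06:30:00] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@203.0.113.5>' failed for '192.0.2.10' - Wrong password
[2010-08-19 06:35:00] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@203.0.113.5>' failed for '192.0.2.10' - Wrong password
[2010-08-19 06:40:00] NOTICE[2345] chan_sip.c: Registration from '"200" <sip:200@203.0.113.5>' failed for '192.0.2.10' - Wrong password
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{when} block candidate: {ip}")
```

The second address in the sample fails three times but five minutes apart, so it stays under the threshold; only the burst source is reported.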