[asterisk-users] Asterisk runs at 100% CPU

Darrick Hartman dhartman at djhsolutions.com
Wed Nov 17 08:00:44 CST 2010 

Patrick,

I observed this same behavior on a system a few weeks ago.  If Asterisk 
was not running, the CPU load would be normal.  There were no 'failed' 
attempts in any of the logs.  There was a relatively large amount of 
bandwidth coming from a specific IP address.  (I used iftop to determine 
the offending address).

You probably should upgrade to a newer version of Asterisk.  1.4.21 is 
pretty old and likely has several security holes which were fixed in 
newer releases.

Darrick

On 11/17/2010 12:53 AM, Patrick wrote:
> I also forgot to add that my bandwidth is highly used (mostly out
> traffic) since I've detected the "attack"
>
>
>
> On Wed, Nov 17, 2010 at 06:46, Patrick<asterisk-users at ict-synergy.be>  wrote:
>> Dear asterisk users,
>>
>> A few weeks ago I've been attacked by a DOS on REGISTER that I've
>> solved with a fail2ban script.
>> Now, since a few hours, I have my asterisk 1.4.21.2 running at 100% CPU again.
>>
>> I've checked the log and it shows nothing related to failed register
>> or whatever. It just tells me that some of my peers are lagged, even
>> with a verbosity of 10000
>>
>> I've made a "SIP SHOW CHANNELS" and I've a very strange thing, I got
>> between 4000 and 5000 active channels from peer 127.0.0.1. I have no
>> sip phone on localhost. Here is an excerpt of my command
>>
>> Peer             User/ANR    Call ID      Seq (Tx/Rx)  Format
>>   Hold     Last Message
>> 127.0.0.1        (None)      385677377    00101/00001  0x0 (nothing)
>>   No       Rx: REGISTER
>> 127.0.0.1        (None)      1623666249   00101/00001  0x0 (nothing)
>>   No       Rx: REGISTER
>> 127.0.0.1        (None)      1478349241   00101/00001  0x0 (nothing)
>>   No       Rx: REGISTER
>> 127.0.0.1        (None)      1830524844   00101/00001  0x0 (nothing)
>>   No       Rx: REGISTER
>> 127.0.0.1        (None)      1688182896   00101/00001  0x0 (nothing)
>>   No       Rx: REGISTER
>> 127.0.0.1        (None)      1391124899   00101/00001  0x0 (nothing)
>>   No       Rx: REGISTER
>> 127.0.0.1        (None)      2692644729   00101/00001  0x0 (nothing)
>>   No       Rx: REGISTER
>> 127.0.0.1        (None)      2043438815   00101/00001  0x0 (nothing)
>>   No       Rx: REGISTER
>> 127.0.0.1        (None)      3226298375   00101/00001  0x0 (nothing)
>>   No       Rx: REGISTER
>> 127.0.0.1        (None)      170429466    00101/00001  0x0 (nothing)
>>   No       Rx: REGISTER
>>
>> It is not a configuration issue causing loops because my config has
>> not changed since months.
>>
>> Any help is appreciated
>>
>> Best regards,
>> Patrick
>>
>


-- 
Darrick Hartman
DJH Solutions, LLC
http://www.djhsolutions.com

More information about the asterisk-users mailing list