[asterisk-users] SIP flood attacK
Barry Miller
asterisk-users at notanet.net
Sun Oct 3 18:17:36 CDT 2010
On Sun, Oct 03, 2010 at 02:19:35PM -0600, Greg Saunders wrote:
> Hello all. I was recently the victim of a SIP flood attack. I'm wondering
> what is the best method to prevent such things in the future.
In sip.conf:
[general]
alwaysauthreject = yes
The attacking program is probably svwar.py (part of SIPVicious). It
will give up as soon as it realizes it can't tell the difference
between attempting to register an invalid extension and a valid one
(with an arbitrary password).
It's the default in 1.8, but the option goes back at least to 1.4.
--
Barry
More information about the asterisk-users
mailing list