[asterisk-users] SIP flood attacK

khalid touati khalidtouati at gmail.com
Mon Oct 4 10:35:23 CDT 2010


actually same thing happened to us a year ago (under asterisk 1.2) we solved
the same day discovered by putting both:

allowguest=no
alwaysauthreject = yes





On Sun, Oct 3, 2010 at 7:17 PM, Barry Miller <asterisk-users at notanet.net>wrote:

> On Sun, Oct 03, 2010 at 02:19:35PM -0600, Greg Saunders wrote:
> > Hello all. I was recently the victim of a SIP flood attack. I'm wondering
> > what is the best method to prevent such things in the future.
>
> In sip.conf:
>        [general]
>        alwaysauthreject = yes
>
> The attacking program is probably svwar.py (part of SIPVicious).  It
> will give up as soon as it realizes it can't tell the difference
> between attempting to register an invalid extension and a valid one
> (with an arbitrary password).
>
> It's the default in 1.8, but the option goes back at least to 1.4.
>
> --
> Barry
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> New to Asterisk? Join us for a live introductory webinar every Thurs:
>               http://www.asterisk.org/hello
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>



-- 
Abdullah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20101004/f1ef9608/attachment.htm 


More information about the asterisk-users mailing list