[asterisk-users] SIP Register DOS attack
Al lists
asteriskal at gmail.com
Tue May 31 17:24:38 CDT 2011
Hi List
Recently I have noticed this attack on a couple of servers.
Usually a foreign IP starts sending tons of register requests without any
answer to authentication.
If you type sip show channels in the CLI you will see tons of these:
1.2.3.4 (None) 2389603298 00101/00001 0x0 (nothing) No Rx: REGISTER
Since there is no authentication in place, Asterisk does not see any failed
register attempt, so there won't be anything added to the log file as a failed
attempt.
Thus fail2ban won't see any activity and won't block the IP.
It simply brings down the internet link and the box due to too many SIP
channels.
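
Added example, not part of the original post: a Python sketch that counts channels per peer IP whose last message is "Rx: REGISTER" in sip show channels output and formats one line per offender that a log-watching tool could match. The header and footer rows, the second peer, the threshold and the "sip-register-flood" line format are constructed assumptions; only the 1.2.3.4 row layout comes from the post.

```python
import re
from collections import Counter

# A channel row whose peer is an IPv4 address and whose last message is an
# inbound REGISTER, following the layout of the line quoted in the post.
ROW_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+.*\bRx: REGISTER\s*$")

def register_channels(cli_output):
    """Count channels per peer IP that are sitting on 'Rx: REGISTER'."""
    counts = Counter()
    for line in cli_output.splitlines():
        m = ROW_RE.match(line.strip())
        if m:  # header, footer and non-REGISTER rows fall through
            counts[m.group(1)] += 1
    return counts

def offenders(cli_output, threshold):
    """Return (ip, count) pairs at or above threshold, busiest first."""
    hits = [(ip, n) for ip, n in register_channels(cli_output).items()
            if n >= threshold]
    return sorted(hits, key=lambda p: (-p[1], p[0]))

def log_lines(cli_output, threshold):
    """One line per offender; this line format is a hypothetical one."""
    return ["sip-register-flood: host=%s channels=%d" % (ip, n)
            for ip, n in offenders(cli_output, threshold)]

def _row(ip, call_id, last_msg):
    # Builds a constructed sample row in the column order shown in the post.
    return "%-16s (None)      %-12s 00101/00001   0x0 (nothing)    No       %s" % (
        ip, call_id, last_msg)

# Constructed sample input (not captured from a real server).
SAMPLE = "\n".join(
    ["Peer             User/ANR    Call ID      Seq (Tx/Rx)   Format"
     "           Hold     Last Message"]
    + [_row("1.2.3.4", str(2389603298 + i), "Rx: REGISTER") for i in range(6)]
    + [_row("198.51.100.7", "7d1c0a11", "Rx: REGISTER"),
       _row("198.51.100.7", "7d1c0a12", "Tx: ACK")]
    + ["8 active SIP channels"]
)

if __name__ == "__main__":
    for line in log_lines(SAMPLE, threshold=5):
        print(line)
```

The threshold has to sit above the number of simultaneous registrations a legitimate peer or NAT gateway produces on the system being watched.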