<p>Two incidents in two weeks is not bad. I get 2-4 a day. There must be many here with even more than that. You should start considering some safety practices like disabling long distance and international calls by default, put a cap on long distance and international calls even for genuine users, and who don't want to have caps, get their consent that they'll not argue with you if their accounts are hacked. Probably do prepaid billing at least for long distance and international calls.</p>
<p>Other than that, fail2ban is a must have. Detailed installation instructions you can find at <a href="http://voip-info.org">voip-info.org</a> website and also in my blogs at <a href="http://ilovetovoip.com">ilovetovoip.com</a>.</p>
<p>Regards,</p>
<p>Zeeshan A Zakaria</p>
<p>--<br>
<a href="http://www.ilovetovoip.com">www.ilovetovoip.com</a><br>
<a href="http://www.pbxforall.com">www.pbxforall.com</a> (beta)</p>
<p><blockquote type="cite">On 2010-10-28 3:48 AM, "Per Jessen" <<a href="mailto:per@computer.org">per@computer.org</a>> wrote:<br><br>Over the last two weeks, we have had at least two "incidents" where our<br>
asterisk server got flooded (a hundred or more per second) by SIP<br>
packets. Once from 114.31.50.10, second time from 173.212.200.146. We<br>
became aware of the problem when bandwidth started suffering because<br>
asterisk got very busy sending back replies or rejects (dunno which, I<br>
didn't investigate it any further).<br>
The immediate issues were dealt with by having the firewall drop those<br>
packets, but I was wondering:<br>
<br>
1) if anyone has seen the same problem, and<br>
2) if you've got some iptables rules for limiting inbound SIP by rate?<br>
(or some such).<br>
<br>
<br>
thanks<br>
Per Jessen, Zürich<br>
<br>
--<br>
<a href="http://www.spamchek.com/" target="_blank">http://www.spamchek.com/</a> - your spam is our business.<br>
<br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
New to Asterisk? Join us for a live introductory webinar every Thurs:<br>
<a href="http://www.asterisk.org/hello" target="_blank">http://www.asterisk.org/hello</a><br>
<br>
asterisk-users mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-users" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-users</a></blockquote></p>